Message	Id	Version	Qualifiers	Level	Task	Opcode	Keywords	RecordId	ProviderName	ProviderId	LogName	ProcessId	ThreadId	MachineName	UserId	TimeCreated	ActivityId	RelatedActivityId	ContainerLog	MatchedQueryIds	Bookmark	LevelDisplayName	OpcodeDisplayName	TaskDisplayName	KeywordsDisplayNames	Properties
PowerShell console is ready for user input	40962	1		4	4	2	0	503	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4120	4124	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:13 PM	ca610e00-1c3c-0004-3111-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4120 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	502	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4120	2432	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:13 PM	ca610e00-1c3c-0004-3111-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	501	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4120	4124	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:13 PM	ca610e00-1c3c-0004-3111-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 2ae6e9e2-de3a-4864-94c0-c1907b3a3154 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 7c0992df-c813-4d7a-89da-14cf27d40a08 Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = N-H2-828168-2\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	500	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5036	1260	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:13 PM	ca610e00-1c3c-0001-db11-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 83c52c46-3e85-4371-96bc-40660ca5ab9f Path:	4104	1		3	2	15	0	499	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5036	3160	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:13 PM	ca610e00-1c3c-0005-3a11-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 34191b14-0a25-4eda-8781-015856e092ea Path:	4104	1		3	2	15	0	498	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5036	3160	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:13 PM	ca610e00-1c3c-0000-4b11-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 6abdcb8b-cfd9-493b-82a0-dd157449f241 Path:	4104	1		3	2	15	0	497	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5036	3160	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:12 PM	ca610e00-1c3c-0005-2911-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): SBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "C:\\collect-event-log.ps1", "_ansible_verbosity": 3, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: e0e01767-63f1-469d-9b15-4918d5aa87f3 Path:	4104	1		3	2	15	0	496	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5036	3160	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:12 PM	ca610e00-1c3c-0000-4511-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): ldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgP ScriptBlock ID: e0e01767-63f1-469d-9b15-4918d5aa87f3 Path:	4104	1		3	2	15	0	495	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5036	3160	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:12 PM	ca610e00-1c3c-0000-4511-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXN ScriptBlock ID: e0e01767-63f1-469d-9b15-4918d5aa87f3 Path:	4104	1		3	2	15	0	494	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5036	3160	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:12 PM	ca610e00-1c3c-0000-4511-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	493	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5036	5040	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:12 PM	ca610e00-1c3c-0003-6d10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 5036 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	492	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5036	5108	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:12 PM	ca610e00-1c3c-0003-6d10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	491	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5036	5040	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:12 PM	ca610e00-1c3c-0003-6d10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	490	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4848	4852	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:11 PM	ca610e00-1c3c-0000-3c11-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4848 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	489	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4848	4920	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:11 PM	ca610e00-1c3c-0000-3c11-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	488	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4848	4852	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:11 PM	ca610e00-1c3c-0000-3c11-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	487	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4760	4764	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:11 PM	ca610e00-1c3c-0004-2611-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4760 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	486	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4760	4832	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:11 PM	ca610e00-1c3c-0004-2611-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	485	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4760	4764	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:11 PM	ca610e00-1c3c-0004-2611-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2015, Jon Hawkesworth (@jhawkesworth) <figs@unity.demon.co.uk> # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = 'Stop' $params = Parse-Args -arguments $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false $diff_mode = Get-AnsibleParam -obj $params -name "_ansible_diff" -type "bool" -default $false # there are 4 modes to win_copy which are driven by the action plugins: # explode: src is a zip file which needs to be extracted to dest, for use with multiple files # query: win_copy action plugin wants to get the state of remote files to check whether it needs to send them # remote: all copy action is happening remotely (remote_src=True) # single: a single file has been copied, also used with template $copy_mode = Get-AnsibleParam -obj $params -name "_copy_mode" -type "str" -default "single" -validateset "explode","query","remote","single" # used in explode, remote and single mode $src = Get-AnsibleParam -obj $params -name "src" -type "path" -failifempty ($copy_mode -in @("explode","process","single")) $dest = Get-AnsibleParam -obj $params -name "dest" -type "path" -failifempty $true # used in single mode $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" # used in query and remote mode $force = Get-AnsibleParam -obj $params -name "force" -type "bool" -default $true # used in query mode, contains the local files/directories/symlinks that are to be copied $files = Get-AnsibleParam -obj $params -name "files" -type "list" $directories = Get-AnsibleParam -obj $params -name "directories" -type "list" $symlinks = Get-AnsibleParam -obj $params -name "symlinks" -type "list" $result = @{ changed = $false } if ($diff_mode) { $result.diff = @{} } Function Copy-File($source, $dest) { $diff = "" $copy_file = $false $source_checksum = $null if ($force) { $source_checksum = Get-FileChecksum -path $source } if (Test-Path -Path $dest -PathType Container) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': dest is already a folder" } elseif (Test-Path -Path $dest -PathType Leaf) { if ($force) { $target_checksum = Get-FileChecksum -path $dest if ($source_checksum -ne $target_checksum) { $copy_file = $true } } } else { $copy_file = $true } if ($copy_file) { $file_dir = [System.IO.Path]::GetDirectoryName($dest) # validate the parent dir is not a file and that it exists if (Test-Path -Path $file_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } elseif (-not (Test-Path -Path $file_dir)) { # directory doesn't exist, need to create New-Item -Path $file_dir -ItemType Directory -WhatIf:$check_mode | Out-Null $diff += "+$file_dir\`n" } if (Test-Path -Path $dest -PathType Leaf) { Remove-Item -Path $dest -Force -Recurse -WhatIf:$check_mode | Out-Null $diff += "-$dest`n" } if (-not $check_mode) { # cannot run with -WhatIf:$check_mode as if the parent dir didn't # exist and was created above would still not exist in check mode Copy-Item -Path $source -Destination $dest -Force | Out-Null } $diff += "+$dest`n" $result.changed = $true } # ugly but to save us from running the checksum twice, let's return it for # the main code to add it to $result return ,@{ diff = $diff; checksum = $source_checksum } } Function Copy-Folder($source, $dest) { $diff = "" $copy_folder = $false if (-not (Test-Path -Path $dest -PathType Container)) { $parent_dir = [System.IO.Path]::GetDirectoryName($dest) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } if (Test-Path -Path $dest -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder from '$source' to '$dest': dest is already a file" } New-Item -Path $dest -ItemType Container -WhatIf:$check_mode | Out-Null $diff += "+$dest\`n" $result.changed = $true } $child_items = Get-ChildItem -Path $source -Force foreach ($child_item in $child_items) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_item.Name if ($child_item.PSIsContainer) { $diff += (Copy-Folder -source $child_item.Fullname -dest $dest_child_path) } else { $diff += (Copy-File -source $child_item.Fullname -dest $dest_child_path).diff } } return $diff } Function Get-FileSize($path) { $file = Get-Item -Path $path -Force $size = $null if ($file.PSIsContainer) { $dir_files_sum = Get-ChildItem $file.FullName -Recurse if ($dir_files_sum -eq $null -or ($dir_files_sum.PSObject.Properties.name -contains 'length' -eq $false)) { $size = 0 } else { $size = ($dir_files_sum | Measure-Object -property length -sum).Sum } } else { $size = $file.Length } $size } Function Extract-Zip($src, $dest) { $archive = [System.IO.Compression.ZipFile]::Open($src, [System.IO.Compression.ZipArchiveMode]::Read, [System.Text.Encoding]::UTF8) foreach ($entry in $archive.Entries) { $archive_name = $entry.FullName # FullName may be appended with / or \, determine if it is padded and remove it $padding_length = $archive_name.Length % 4 if ($padding_length -eq 0) { $is_dir = $false $base64_name = $archive_name } elseif ($padding_length -eq 1) { $is_dir = $true if ($archive_name.EndsWith("/") -or $archive_name.EndsWith("`\")) { $base64_name = $archive_name.Substring(0, $archive_name.Length - 1) } else { throw "invalid base64 archive name '$archive_name'" } } else { throw "invalid base64 length '$archive_name'" } # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_name = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($base64_name)) # re-add the / to the entry full name if it was a directory if ($is_dir) { $decoded_archive_name = "$decoded_archive_name/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_name) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false) { if (-not $check_mode) { [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry, $entry_target_path, $true) } } } $archive.Dispose() # release the handle of the zip file } Function Extract-ZipLegacy($src, $dest) { if (-not (Test-Path -Path $dest)) { New-Item -Path $dest -ItemType Directory -WhatIf:$check_mode | Out-Null } $shell = New-Object -ComObject Shell.Application $zip = $shell.NameSpace($src) $dest_path = $shell.NameSpace($dest) foreach ($entry in $zip.Items()) { $is_dir = $entry.IsFolder $encoded_archive_entry = $entry.Name # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_entry = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($encoded_archive_entry)) if ($is_dir) { $decoded_archive_entry = "$decoded_archive_entry/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_entry) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false -and (-not $check_mode)) { # https://msdn.microsoft.com/en-us/library/windows/desktop/bb787866.aspx # From Folder.CopyHere documentation, 1044 means: # - 1024: do not display a user interface if an error occurs # - 16: respond with "yes to all" for any dialog box that is displayed # - 4: do not display a progress dialog box $dest_path.CopyHere($entry, 1044) # once file is extraced, we need to rename it with non base64 name $combined_encoded_path = [System.IO.Path]::Combine($dest, $encoded_archive_entry) Move-Item -Path $combined_encoded_path -Destination $entry_target_path -Force | Out-Null } } } if ($copy_mode -eq "query") { # we only return a list of files/directories that need to be copied over # the source of the local file will be the key used $changed_files = @() $changed_directories = @() $changed_symlinks = @() foreach ($file in $files) { $filename = $file.dest $local_checksum = $file.checksum $filepath = Join-Path -Path $dest -ChildPath $filename if (Test-Path -Path $filepath -PathType Leaf) { if ($force) { $checksum = Get-FileChecksum -path $filepath if ($checksum -ne $local_checksum) { $will_change = $true $changed_files += $file } } } elseif (Test-Path -Path $filepath -PathType Container) { Fail-Json -obj $result -message "cannot copy file to dest '$filepath': object at path is already a directory" } else { $changed_files += $file } } foreach ($directory in $directories) { $dirname = $directory.dest $dirpath = Join-Path -Path $dest -ChildPath $dirname $parent_dir = [System.IO.Path]::GetDirectoryName($dirpath) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at parent directory path is already a file" } if (Test-Path -Path $dirpath -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at path is already a file" } elseif (-not (Test-Path -Path $dirpath -PathType Container)) { $changed_directories += $directory } } # TODO: Handle symlinks $result.files = $changed_files $result.directories = $changed_directories $result.symlinks = $changed_symlinks } elseif ($copy_mode -eq "explode") { # a single zip file containing the files and directories needs to be # expanded this will always result in a change as the calculation is done # on the win_copy action plugin and is only run if a change needs to occur if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot expand src zip file: '$src' as it does not exist" } # Detect if the PS zip assemblies are available or whether to use Shell $use_legacy = $false try { Add-Type -AssemblyName System.IO.Compression.FileSystem | Out-Null Add-Type -AssemblyName System.IO.Compression | Out-Null } catch { $use_legacy = $true } if ($use_legacy) { Extract-ZipLegacy -src $src -dest $dest } else { Extract-Zip -src $src -dest $dest } $result.changed = $true } elseif ($copy_mode -eq "remote") { # all copy actions are happening on the remote side (windows host), need # too copy source and dest using PS code $result.src = $src $result.dest = $dest if (-not (Test-Path -Path $src)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } if (Test-Path -Path $src -PathType Container) { # we are copying a directory or the contents of a directory $result.operation = 'folder_copy' if ($src.EndsWith("/") -or $src.EndsWith("`\")) { # copying the folder's contents to dest $diff = "" $child_files = Get-ChildItem -Path $src -Force foreach ($child_file in $child_files) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_file.Name if ($child_file.PSIsContainer) { $diff += Copy-Folder -source $child_file.FullName -dest $dest_child_path } else { $diff += (Copy-File -source $child_file.FullName -dest $dest_child_path).diff } } } else { # copying the folder and it's contents to dest $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest $diff = Copy-Folder -source $src -dest $dest } } else { # we are just copying a single file to dest $result.operation = 'file_copy' $source_basename = (Get-Item -Path $src -Force).Name $result.original_basename = $source_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\")) { $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest } else { # check if the parent dir exists, this is only done if src is a # file and dest if the path to a file (doesn't end with \ or /) $parent_dir = Split-Path -Path $dest if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } $copy_result = Copy-File -source $src -dest $dest $diff = $copy_result.diff $result.checksum = $copy_result.checksum } # the file might not exist if running in check mode if (-not $check_mode -or (Test-Path -Path $dest -PathType Leaf)) { $result.size = Get-FileSize -path $dest } else { $result.size = $null } if ($diff_mode) { $result.diff.prepared = $diff } } elseif ($copy_mode -eq "single") { # a single file is located in src and we need to copy to dest, this will # always result in a change as the calculation is done on the Ansible side # before this is run. This should also never run in check mode if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } # the dest parameter is a directory, we need to append original_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\") -or (Test-Path -Path $dest -PathType Container)) { $remote_dest = Join-Path -Path $dest -ChildPath $original_basename $parent_dir = Split-Path -Path $remote_dest # when dest ends with /, we need to create the destination directories if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { New-Item -Path $parent_dir -ItemType Directory | Out-Null } } else { $remote_dest = $dest $parent_dir = Split-Path -Path $remote_dest # check if the dest parent dirs exist, need to fail if they don't if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } Copy-Item -Path $src -Destination $remote_dest -Force | Out-Null $result.changed = $true } Exit-Json -obj $result ScriptBlock ID: d8ff15c6-0726-4e7e-b629-b7e35d4bd1da Path:	4104	1		3	2	15	0	484	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4624	4732	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:10 PM	ca610e00-1c3c-0005-ff10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 6b614907-b40b-4f5e-9579-a0ffeab5b607 Path:	4104	1		3	2	15	0	483	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4624	4708	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:10 PM	ca610e00-1c3c-0002-b311-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 1f733468-6454-4759-9990-faa3d0a5854c Path:	4104	1		3	2	15	0	482	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4624	4708	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:10 PM	ca610e00-1c3c-0002-a411-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 5): ": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "dest": "C:\\collect-event-log.ps1", "checksum": "f0e4c7145db8c7eba44bc8a5b81542c17749bbda", "_ansible_module_name": "copy", "_ansible_debug": false, "_ansible_verbosity": 3, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_original_basename": "collect-event-log.ps1", "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "mode": null, "_ansible_check_mode": false, "_ansible_shell_executable": "/bin/sh", "follow": false, "_ansible_tmpdir": "'C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1644250267.68-20517804131460'"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: f3fecba0-ccf6-4196-a4bb-f38cbbef37a5 Path:	4104	1		3	2	15	0	481	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4624	4708	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:10 PM	ca610e00-1c3c-0002-9e11-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 5): W4tdXMvbGlicmFyeS93aW5kb3dzL2Rlc2t0b3AvYmI3ODc4NjYuYXNweAogICAgICAgICAgICAjIEZyb20gRm9sZGVyLkNvcHlIZXJlIGRvY3VtZW50YXRpb24sIDEwNDQgbWVhbnM6CiAgICAgICAgICAgICMgIC0gMTAyNDogZG8gbm90IGRpc3BsYXkgYSB1c2VyIGludGVyZmFjZSBpZiBhbiBlcnJvciBvY2N1cnMKICAgICAgICAgICAgIyAgLSAgIDE2OiByZXNwb25kIHdpdGggInllcyB0byBhbGwiIGZvciBhbnkgZGlhbG9nIGJveCB0aGF0IGlzIGRpc3BsYXllZAogICAgICAgICAgICAjICAtICAgIDQ6IGRvIG5vdCBkaXNwbGF5IGEgcHJvZ3Jlc3MgZGlhbG9nIGJveAogICAgICAgICAgICAkZGVzdF9wYXRoLkNvcHlIZXJlKCRlbnRyeSwgMTA0NCkKCiAgICAgICAgICAgICMgb25jZSBmaWxlIGlzIGV4dHJhY2VkLCB3ZSBuZWVkIHRvIHJlbmFtZSBpdCB3aXRoIG5vbiBiYXNlNjQgbmFtZQogICAgICAgICAgICAkY29tYmluZWRfZW5jb2RlZF9wYXRoID0gW1N5c3RlbS5JTy5QYXRoXTo6Q29tYmluZSgkZGVzdCwgJGVuY29kZWRfYXJjaGl2ZV9lbnRyeSkKICAgICAgICAgICAgTW92ZS1JdGVtIC1QYXRoICRjb21iaW5lZF9lbmNvZGVkX3BhdGggLURlc3RpbmF0aW9uICRlbnRyeV90YXJnZXRfcGF0aCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0KfQoKaWYgKCRjb3B5X21vZGUgLWVxICJxdWVyeSIpIHsKICAgICMgd2Ugb25seSByZXR1cm4gYSBsaXN0IG9mIGZpbGVzL2RpcmVjdG9yaWVzIHRoYXQgbmVlZCB0byBiZSBjb3BpZWQgb3ZlcgogICAgIyB0aGUgc291cmNlIG9mIHRoZSBsb2NhbCBmaWxlIHdpbGwgYmUgdGhlIGtleSB1c2VkCiAgICAkY2hhbmdlZF9maWxlcyA9IEAoKQogICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgPSBAKCkKICAgICRjaGFuZ2VkX3N5bWxpbmtzID0gQCgpCgogICAgZm9yZWFjaCAoJGZpbGUgaW4gJGZpbGVzKSB7CiAgICAgICAgJGZpbGVuYW1lID0gJGZpbGUuZGVzdAogICAgICAgICRsb2NhbF9jaGVja3N1bSA9ICRmaWxlLmNoZWNrc3VtCgogICAgICAgICRmaWxlcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoICRmaWxlbmFtZQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGZpbGVwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAgICAgICAgICRjaGVja3N1bSA9IEdldC1GaWxlQ2hlY2tzdW0gLXBhdGggJGZpbGVwYXRoCiAgICAgICAgICAgICAgICBpZiAoJGNoZWNrc3VtIC1uZSAkbG9jYWxfY2hlY2tzdW0pIHsKICAgICAgICAgICAgICAgICAgICAkd2lsbF9jaGFuZ2UgPSAkdHJ1ZQogICAgICAgICAgICAgICAgICAgICRjaGFuZ2VkX2ZpbGVzICs9ICRmaWxlCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRmaWxlcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZpbGUgdG8gZGVzdCAnJGZpbGVwYXRoJzogb2JqZWN0IGF0IHBhdGggaXMgYWxyZWFkeSBhIGRpcmVjdG9yeSIKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkY2hhbmdlZF9maWxlcyArPSAkZmlsZQogICAgICAgIH0KICAgIH0KCiAgICBmb3JlYWNoICgkZGlyZWN0b3J5IGluICRkaXJlY3RvcmllcykgewogICAgICAgICRkaXJuYW1lID0gJGRpcmVjdG9yeS5kZXN0CgogICAgICAgICRkaXJwYXRoID0gSm9pbi1QYXRoIC1QYXRoICRkZXN0IC1DaGlsZFBhdGggJGRpcm5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGRpcnBhdGgpCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgdG8gZGVzdCAnJGRpcnBhdGgnOiBvYmplY3QgYXQgcGFyZW50IGRpcmVjdG9yeSBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0KICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRkaXJwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZvbGRlciB0byBkZXN0ICckZGlycGF0aCc6IG9iamVjdCBhdCBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0gZWxzZWlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGRpcnBhdGggLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAgICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgKz0gJGRpcmVjdG9yeQogICAgICAgIH0KICAgIH0KCiAgICAjIFRPRE86IEhhbmRsZSBzeW1saW5rcwoKICAgICRyZXN1bHQuZmlsZXMgPSAkY2hhbmdlZF9maWxlcwogICAgJHJlc3VsdC5kaXJlY3RvcmllcyA9ICRjaGFuZ2VkX2RpcmVjdG9yaWVzCiAgICAkcmVzdWx0LnN5bWxpbmtzID0gJGNoYW5nZWRfc3ltbGlua3MKfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJleHBsb2RlIikgewogICAgIyBhIHNpbmdsZSB6aXAgZmlsZSBjb250YWluaW5nIHRoZSBmaWxlcyBhbmQgZGlyZWN0b3JpZXMgbmVlZHMgdG8gYmUKICAgICMgZXhwYW5kZWQgdGhpcyB3aWxsIGFsd2F5cyByZXN1bHQgaW4gYSBjaGFuZ2UgYXMgdGhlIGNhbGN1bGF0aW9uIGlzIGRvbmUKICAgICMgb24gdGhlIHdpbl9jb3B5IGFjdGlvbiBwbHVnaW4gYW5kIGlzIG9ubHkgcnVuIGlmIGEgY2hhbmdlIG5lZWRzIHRvIG9jY3VyCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRzcmMgLVBhdGhUeXBlIExlYWYpKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiQ2Fubm90IGV4cGFuZCBzcmMgemlwIGZpbGU6ICckc3JjJyBhcyBpdCBkb2VzIG5vdCBleGlzdCIKICAgIH0KCiAgICAjIERldGVjdCBpZiB0aGUgUFMgemlwIGFzc2VtYmxpZXMgYXJlIGF2YWlsYWJsZSBvciB3aGV0aGVyIHRvIHVzZSBTaGVsbAogICAgJHVzZV9sZWdhY3kgPSAkZmFsc2UKICAgIHRyeSB7CiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24uRmlsZVN5c3RlbSB8IE91dC1OdWxsCiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24gfCBPdXQtTnVsbAogICAgfSBjYXRjaCB7CiAgICAgICAgJHVzZV9sZWdhY3kgPSAkdHJ1ZQogICAgfQogICAgaWYgKCR1c2VfbGVnYWN5KSB7CiAgICAgICAgRXh0cmFjdC1aaXBMZWdhY3kgLXNyYyAkc3JjIC1kZXN0ICRkZXN0CiAgICB9IGVsc2UgewogICAgICAgIEV4dHJhY3QtWmlwIC1zcmMgJHNyYyAtZGVzdCAkZGVzdAogICAgfQoKICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCn0gZWxzZWlmICgkY29weV9tb2RlIC1lcSAicmVtb3RlIikgewogICAgIyBhbGwgY29weSBhY3Rpb25zIGFyZSBoYXBwZW5pbmcgb24gdGhlIHJlbW90ZSBzaWRlICh3aW5kb3dzIGhvc3QpLCBuZWVkCiAgICAjIHRvbyBjb3B5IHNvdXJjZSBhbmQgZGVzdCB1c2luZyBQUyBjb2RlCiAgICAkcmVzdWx0LnNyYyA9ICRzcmMKICAgICRyZXN1bHQuZGVzdCA9ICRkZXN0CgogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBDb250YWluZXIpIHsKICAgICAgICAjIHdlIGFyZSBjb3B5aW5nIGEgZGlyZWN0b3J5IG9yIHRoZSBjb250ZW50cyBvZiBhIGRpcmVjdG9yeQogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZvbGRlcl9jb3B5JwogICAgICAgIGlmICgkc3JjLkVuZHNXaXRoKCIvIikgLW9yICRzcmMuRW5kc1dpdGgoImBcIikpIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIncyBjb250ZW50cyB0byBkZXN0CiAgICAgICAgICAgICRkaWZmID0gIiIKICAgICAgICAgICAgJGNoaWxkX2ZpbGVzID0gR2V0LUNoaWxkSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZQogICAgICAgICAgICBmb3JlYWNoICgkY2hpbGRfZmlsZSBpbiAkY2hpbGRfZmlsZXMpIHsKICAgICAgICAgICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfZmlsZS5OYW1lCiAgICAgICAgICAgICAgICBpZiAoJGNoaWxkX2ZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgICAgICRkaWZmICs9IENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aAogICAgICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIgYW5kIGl0J3MgY29udGVudHMgdG8gZGVzdAogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgICAgICAkZGlmZiA9IENvcHktRm9sZGVyIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgIyB3ZSBhcmUganVzdCBjb3B5aW5nIGEgc2luZ2xlIGZpbGUgdG8gZGVzdAogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZpbGVfY29weScKCiAgICAgICAgJHNvdXJjZV9iYXNlbmFtZSA9IChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICRyZXN1bHQub3JpZ2luYWxfYmFzZW5hbWUgPSAkc291cmNlX2Jhc2VuYW1lCgogICAgICAgIGlmICgkZGVzdC5FbmRzV2l0aCgiLyIpIC1vciAkZGVzdC5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICMgY2hlY2sgaWYgdGhlIHBhcmVudCBkaXIgZXhpc3RzLCB0aGlzIGlzIG9ubHkgZG9uZSBpZiBzcmMgaXMgYQogICAgICAgICAgICAjIGZpbGUgYW5kIGRlc3QgaWYgdGhlIHBhdGggdG8gYSBmaWxlIChkb2Vzbid0IGVuZCB3aXRoIFwgb3IgLykKICAgICAgICAgICAgJHBhcmVudF9kaXIgPSBTcGxpdC1QYXRoIC1QYXRoICRkZXN0CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRGVzdGluYXRpb24gZGlyZWN0b3J5ICckcGFyZW50X2RpcicgZG9lcyBub3QgZXhpc3QiCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgJGNvcHlfcmVzdWx0ID0gQ29weS1GaWxlIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgICRkaWZmID0gJGNvcHlfcmVzdWx0LmRpZmYKICAgICAgICAkcmVzdWx0LmNoZWNrc3VtID0gJGNvcHlfcmVzdWx0LmNoZWNrc3VtCiAgICB9CgogICAgIyB0aGUgZmlsZSBtaWdodCBub3QgZXhpc3QgaWYgcnVubmluZyBpbiBjaGVjayBtb2RlCiAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSAtb3IgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikpIHsKICAgICAgICAkcmVzdWx0LnNpemUgPSBHZXQtRmlsZVNpemUgLXBhdGggJGRlc3QKICAgIH0gZWxzZSB7CiAgICAgICAgJHJlc3VsdC5zaXplID0gJG51bGwKICAgIH0KICAgIGlmICgkZGlmZl9tb2RlKSB7CiAgICAgICAgJHJlc3VsdC5kaWZmLnByZXBhcmVkID0gJGRpZmYKICAgIH0KfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJzaW5nbGUiKSB7CiAgICAjIGEgc2luZ2xlIGZpbGUgaXMgbG9jYXRlZCBpbiBzcmMgYW5kIHdlIG5lZWQgdG8gY29weSB0byBkZXN0LCB0aGlzIHdpbGwKICAgICMgYWx3YXlzIHJlc3VsdCBpbiBhIGNoYW5nZSBhcyB0aGUgY2FsY3VsYXRpb24gaXMgZG9uZSBvbiB0aGUgQW5zaWJsZSBzaWRlCiAgICAjIGJlZm9yZSB0aGlzIGlzIHJ1bi4gVGhpcyBzaG91bGQgYWxzbyBuZXZlciBydW4gaW4gY2hlY2sgbW9kZQogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBMZWFmKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgIyB0aGUgZGVzdCBwYXJhbWV0ZXIgaXMgYSBkaXJlY3RvcnksIHdlIG5lZWQgdG8gYXBwZW5kIG9yaWdpbmFsX2Jhc2VuYW1lCiAgICBpZiAoJGRlc3QuRW5kc1dpdGgoIi8iKSAtb3IgJGRlc3QuRW5kc1dpdGgoImBcIikgLW9yIChUZXN0LVBhdGggLVBhdGggJGRlc3QgLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAkcmVtb3RlX2Rlc3QgPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkb3JpZ2luYWxfYmFzZW5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgd2hlbiBkZXN0IGVuZHMgd2l0aCAvLCB3ZSBuZWVkIHRvIGNyZWF0ZSB0aGUgZGVzdGluYXRpb24gZGlyZWN0b3JpZXMKICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXJlbnRfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHJlbW90ZV9kZXN0ID0gJGRlc3QKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgY2hlY2sgaWYgdGhlIGRlc3QgcGFyZW50IGRpcnMgZXhpc3QsIG5lZWQgdG8gZmFpbCBpZiB0aGV5IGRvbid0CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJvYmplY3QgYXQgZGVzdGluYXRpb24gcGFyZW50IGRpciAnJHBhcmVudF9kaXInIGlzIGN1cnJlbnRseSBhIGZpbGUiCiAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJEZXN0aW5hdGlvbiBkaXJlY3RvcnkgJyRwYXJlbnRfZGlyJyBkb2VzIG5vdCBleGlzdCIKICAgICAgICB9CiAgICB9CgogICAgQ29weS1JdGVtIC1QYXRoICRzcmMgLURlc3RpbmF0aW9uICRyZW1vdGVfZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKfQoKRXhpdC1Kc29uIC1vYmogJHJlc3VsdAo=", "module_args": {"_ansible_version": "2.7.0", "src": "C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1644250267.68-20517804131460\\source", "_ansible_selinux_special_fs ScriptBlock ID: f3fecba0-ccf6-4196-a4bb-f38cbbef37a5 Path:	4104	1		3	2	15	0	480	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4624	4708	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:10 PM	ca610e00-1c3c-0002-9e11-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 5): iYm9vbCIgLWRlZmF1bHQgJGZhbHNlCiRkaWZmX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfZGlmZiIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQoKIyB0aGVyZSBhcmUgNCBtb2RlcyB0byB3aW5fY29weSB3aGljaCBhcmUgZHJpdmVuIGJ5IHRoZSBhY3Rpb24gcGx1Z2luczoKIyAgIGV4cGxvZGU6IHNyYyBpcyBhIHppcCBmaWxlIHdoaWNoIG5lZWRzIHRvIGJlIGV4dHJhY3RlZCB0byBkZXN0LCBmb3IgdXNlIHdpdGggbXVsdGlwbGUgZmlsZXMKIyAgIHF1ZXJ5OiB3aW5fY29weSBhY3Rpb24gcGx1Z2luIHdhbnRzIHRvIGdldCB0aGUgc3RhdGUgb2YgcmVtb3RlIGZpbGVzIHRvIGNoZWNrIHdoZXRoZXIgaXQgbmVlZHMgdG8gc2VuZCB0aGVtCiMgICByZW1vdGU6IGFsbCBjb3B5IGFjdGlvbiBpcyBoYXBwZW5pbmcgcmVtb3RlbHkgKHJlbW90ZV9zcmM9VHJ1ZSkKIyAgIHNpbmdsZTogYSBzaW5nbGUgZmlsZSBoYXMgYmVlbiBjb3BpZWQsIGFsc28gdXNlZCB3aXRoIHRlbXBsYXRlCiRjb3B5X21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2NvcHlfbW9kZSIgLXR5cGUgInN0ciIgLWRlZmF1bHQgInNpbmdsZSIgLXZhbGlkYXRlc2V0ICJleHBsb2RlIiwicXVlcnkiLCJyZW1vdGUiLCJzaW5nbGUiCgojIHVzZWQgaW4gZXhwbG9kZSwgcmVtb3RlIGFuZCBzaW5nbGUgbW9kZQokc3JjID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInNyYyIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAoJGNvcHlfbW9kZSAtaW4gQCgiZXhwbG9kZSIsInByb2Nlc3MiLCJzaW5nbGUiKSkKJGRlc3QgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGVzdCIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAkdHJ1ZQoKIyB1c2VkIGluIHNpbmdsZSBtb2RlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCgojIHVzZWQgaW4gcXVlcnkgYW5kIHJlbW90ZSBtb2RlCiRmb3JjZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJmb3JjZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCgojIHVzZWQgaW4gcXVlcnkgbW9kZSwgY29udGFpbnMgdGhlIGxvY2FsIGZpbGVzL2RpcmVjdG9yaWVzL3N5bWxpbmtzIHRoYXQgYXJlIHRvIGJlIGNvcGllZAokZmlsZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZmlsZXMiIC10eXBlICJsaXN0IgokZGlyZWN0b3JpZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGlyZWN0b3JpZXMiIC10eXBlICJsaXN0Igokc3ltbGlua3MgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3ltbGlua3MiIC10eXBlICJsaXN0IgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCn0KCmlmICgkZGlmZl9tb2RlKSB7CiAgICAkcmVzdWx0LmRpZmYgPSBAe30KfQoKRnVuY3Rpb24gQ29weS1GaWxlKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9maWxlID0gJGZhbHNlCiAgICAkc291cmNlX2NoZWNrc3VtID0gJG51bGwKICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAkc291cmNlX2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkc291cmNlCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBkZXN0IGlzIGFscmVhZHkgYSBmb2xkZXIiCiAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgaWYgKCRmb3JjZSkgewogICAgICAgICAgICAkdGFyZ2V0X2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkZGVzdAogICAgICAgICAgICBpZiAoJHNvdXJjZV9jaGVja3N1bSAtbmUgJHRhcmdldF9jaGVja3N1bSkgewogICAgICAgICAgICAgICAgJGNvcHlfZmlsZSA9ICR0cnVlCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9IGVsc2UgewogICAgICAgICRjb3B5X2ZpbGUgPSAkdHJ1ZQogICAgfQoKICAgIGlmICgkY29weV9maWxlKSB7CiAgICAgICAgJGZpbGVfZGlyID0gW1N5c3RlbS5JTy5QYXRoXTo6R2V0RGlyZWN0b3J5TmFtZSgkZGVzdCkKICAgICAgICAjIHZhbGlkYXRlIHRoZSBwYXJlbnQgZGlyIGlzIG5vdCBhIGZpbGUgYW5kIHRoYXQgaXQgZXhpc3RzCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZmlsZV9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRmaWxlX2RpcikpIHsKICAgICAgICAgICAgIyBkaXJlY3RvcnkgZG9lc24ndCBleGlzdCwgbmVlZCB0byBjcmVhdGUKICAgICAgICAgICAgTmV3LUl0ZW0gLVBhdGggJGZpbGVfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICIrJGZpbGVfZGlyXGBuIgogICAgICAgIH0KCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBSZW1vdmUtSXRlbSAtUGF0aCAkZGVzdCAtRm9yY2UgLVJlY3Vyc2UgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICItJGRlc3RgbiIKICAgICAgICB9CgogICAgICAgIGlmICgtbm90ICRjaGVja19tb2RlKSB7CiAgICAgICAgICAgICMgY2Fubm90IHJ1biB3aXRoIC1XaGF0SWY6JGNoZWNrX21vZGUgYXMgaWYgdGhlIHBhcmVudCBkaXIgZGlkbid0CiAgICAgICAgICAgICMgZXhpc3QgYW5kIHdhcyBjcmVhdGVkIGFib3ZlIHdvdWxkIHN0aWxsIG5vdCBleGlzdCBpbiBjaGVjayBtb2RlCiAgICAgICAgICAgIENvcHktSXRlbSAtUGF0aCAkc291cmNlIC1EZXN0aW5hdGlvbiAkZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgICAgICAkZGlmZiArPSAiKyRkZXN0YG4iCgogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgIyB1Z2x5IGJ1dCB0byBzYXZlIHVzIGZyb20gcnVubmluZyB0aGUgY2hlY2tzdW0gdHdpY2UsIGxldCdzIHJldHVybiBpdCBmb3IKICAgICMgdGhlIG1haW4gY29kZSB0byBhZGQgaXQgdG8gJHJlc3VsdAogICAgcmV0dXJuICxAeyBkaWZmID0gJGRpZmY7IGNoZWNrc3VtID0gJHNvdXJjZV9jaGVja3N1bSB9Cn0KCkZ1bmN0aW9uIENvcHktRm9sZGVyKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9mb2xkZXIgPSAkZmFsc2UKCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgJHBhcmVudF9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRkZXN0KQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgZnJvbSAnJHNvdXJjZScgdG8gJyRkZXN0JzogZGVzdCBpcyBhbHJlYWR5IGEgZmlsZSIKICAgICAgICB9CgogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBDb250YWluZXIgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgJGRpZmYgKz0gIiskZGVzdFxgbiIKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQoKICAgICRjaGlsZF9pdGVtcyA9IEdldC1DaGlsZEl0ZW0gLVBhdGggJHNvdXJjZSAtRm9yY2UKICAgIGZvcmVhY2ggKCRjaGlsZF9pdGVtIGluICRjaGlsZF9pdGVtcykgewogICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfaXRlbS5OYW1lCiAgICAgICAgaWYgKCRjaGlsZF9pdGVtLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgJGRpZmYgKz0gKENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgIH0KICAgIH0KCiAgICByZXR1cm4gJGRpZmYKfQoKRnVuY3Rpb24gR2V0LUZpbGVTaXplKCRwYXRoKSB7CiAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRwYXRoIC1Gb3JjZQogICAgJHNpemUgPSAkbnVsbAogICAgaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAkZGlyX2ZpbGVzX3N1bSA9IEdldC1DaGlsZEl0ZW0gJGZpbGUuRnVsbE5hbWUgLVJlY3Vyc2UKICAgICAgICBpZiAoJGRpcl9maWxlc19zdW0gLWVxICRudWxsIC1vciAoJGRpcl9maWxlc19zdW0uUFNPYmplY3QuUHJvcGVydGllcy5uYW1lIC1jb250YWlucyAnbGVuZ3RoJyAtZXEgJGZhbHNlKSkgewogICAgICAgICAgICAkc2l6ZSA9IDAKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkc2l6ZSA9ICgkZGlyX2ZpbGVzX3N1bSB8IE1lYXN1cmUtT2JqZWN0IC1wcm9wZXJ0eSBsZW5ndGggLXN1bSkuU3VtCiAgICAgICAgfQogICAgfSBlbHNlIHsKICAgICAgICAkc2l6ZSA9ICRmaWxlLkxlbmd0aAogICAgfQoKICAgICRzaXplCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwKCRzcmMsICRkZXN0KSB7CiAgICAkYXJjaGl2ZSA9IFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZV06Ok9wZW4oJHNyYywgW1N5c3RlbS5JTy5Db21wcmVzc2lvbi5aaXBBcmNoaXZlTW9kZV06OlJlYWQsIFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjgpCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJGFyY2hpdmUuRW50cmllcykgewogICAgICAgICRhcmNoaXZlX25hbWUgPSAkZW50cnkuRnVsbE5hbWUKCiAgICAgICAgIyBGdWxsTmFtZSBtYXkgYmUgYXBwZW5kZWQgd2l0aCAvIG9yIFwsIGRldGVybWluZSBpZiBpdCBpcyBwYWRkZWQgYW5kIHJlbW92ZSBpdAogICAgICAgICRwYWRkaW5nX2xlbmd0aCA9ICRhcmNoaXZlX25hbWUuTGVuZ3RoICUgNAogICAgICAgIGlmICgkcGFkZGluZ19sZW5ndGggLWVxIDApIHsKICAgICAgICAgICAgJGlzX2RpciA9ICRmYWxzZQogICAgICAgICAgICAkYmFzZTY0X25hbWUgPSAkYXJjaGl2ZV9uYW1lCiAgICAgICAgfSBlbHNlaWYgKCRwYWRkaW5nX2xlbmd0aCAtZXEgMSkgewogICAgICAgICAgICAkaXNfZGlyID0gJHRydWUKICAgICAgICAgICAgaWYgKCRhcmNoaXZlX25hbWUuRW5kc1dpdGgoIi8iKSAtb3IgJGFyY2hpdmVfbmFtZS5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAgICAgJGJhc2U2NF9uYW1lID0gJGFyY2hpdmVfbmFtZS5TdWJzdHJpbmcoMCwgJGFyY2hpdmVfbmFtZS5MZW5ndGggLSAxKQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgdGhyb3cgImludmFsaWQgYmFzZTY0IGFyY2hpdmUgbmFtZSAnJGFyY2hpdmVfbmFtZSciCiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2UgewogICAgICAgICAgICB0aHJvdyAiaW52YWxpZCBiYXNlNjQgbGVuZ3RoICckYXJjaGl2ZV9uYW1lJyIKICAgICAgICB9CgogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGJhc2U2NF9uYW1lKSkKICAgICAgICAjIHJlLWFkZCB0aGUgLyB0byB0aGUgZW50cnkgZnVsbCBuYW1lIGlmIGl0IHdhcyBhIGRpcmVjdG9yeQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9ICIkZGVjb2RlZF9hcmNoaXZlX25hbWUvIgogICAgICAgIH0KICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX25hbWUpCiAgICAgICAgJGVudHJ5X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGVudHJ5X3RhcmdldF9wYXRoKQoKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRlbnRyeV9kaXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRlbnRyeV9kaXIgLUl0ZW1UeXBlIERpcmVjdG9yeSAtV2hhdElmOiRjaGVja19tb2RlIHwgT3V0LU51bGwKICAgICAgICB9CgogICAgICAgIGlmICgkaXNfZGlyIC1lcSAkZmFsc2UpIHsKICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrX21vZGUpIHsKICAgICAgICAgICAgICAgIFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZUV4dGVuc2lvbnNdOjpFeHRyYWN0VG9GaWxlKCRlbnRyeSwgJGVudHJ5X3RhcmdldF9wYXRoLCAkdHJ1ZSkKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KICAgICRhcmNoaXZlLkRpc3Bvc2UoKSAgIyByZWxlYXNlIHRoZSBoYW5kbGUgb2YgdGhlIHppcCBmaWxlCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwTGVnYWN5KCRzcmMsICRkZXN0KSB7CiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0KSkgewogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICB9CiAgICAkc2hlbGwgPSBOZXctT2JqZWN0IC1Db21PYmplY3QgU2hlbGwuQXBwbGljYXRpb24KICAgICR6aXAgPSAkc2hlbGwuTmFtZVNwYWNlKCRzcmMpCiAgICAkZGVzdF9wYXRoID0gJHNoZWxsLk5hbWVTcGFjZSgkZGVzdCkKCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJHppcC5JdGVtcygpKSB7CiAgICAgICAgJGlzX2RpciA9ICRlbnRyeS5Jc0ZvbGRlcgogICAgICAgICRlbmNvZGVkX2FyY2hpdmVfZW50cnkgPSAkZW50cnkuTmFtZQogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRlbmNvZGVkX2FyY2hpdmVfZW50cnkpKQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSAiJGRlY29kZWRfYXJjaGl2ZV9lbnRyeS8iCiAgICAgICAgfQoKICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX2VudHJ5KQogICAgICAgICRlbnRyeV9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRlbnRyeV90YXJnZXRfcGF0aCkKCiAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkZW50cnlfZGlyKSkgewogICAgICAgICAgICBOZXctSXRlbSAtUGF0aCAkZW50cnlfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfQoKICAgICAgICBpZiAoJGlzX2RpciAtZXEgJGZhbHNlIC1hbmQgKC1ub3QgJGNoZWNrX21vZGUpKSB7CiAgICAgICAgICAgICMgaHR0cHM6Ly9tc2RuLm1pY3Jvc29mdC5jb20vZ ScriptBlock ID: f3fecba0-ccf6-4196-a4bb-f38cbbef37a5 Path:	4104	1		3	2	15	0	479	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4624	4708	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:10 PM	ca610e00-1c3c-0002-9e11-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 5): MgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTUsIEpvbiBIYXdrZXN3b3J0aCAoQGpoYXdrZXN3b3J0aCkgPGZpZ3NAdW5pdHkuZGVtb24uY28udWs+CiMgQ29weXJpZ2h0OiAoYykgMjAxNywgQW5zaWJsZSBQcm9qZWN0CiMgR05VIEdlbmVyYWwgUHVibGljIExpY2Vuc2UgdjMuMCsgKHNlZSBDT1BZSU5HIG9yIGh0dHBzOi8vd3d3LmdudS5vcmcvbGljZW5zZXMvZ3BsLTMuMC50eHQpCgojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxlZ2FjeQoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKJHBhcmFtcyA9IFBhcnNlLUFyZ3MgLWFyZ3VtZW50cyAkYXJncyAtc3VwcG9ydHNfY2hlY2tfbW9kZSAkdHJ1ZQokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtdHlwZSA ScriptBlock ID: f3fecba0-ccf6-4196-a4bb-f38cbbef37a5 Path:	4104	1		3	2	15	0	478	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4624	4708	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:10 PM	ca610e00-1c3c-0002-9e11-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 5): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYX ScriptBlock ID: f3fecba0-ccf6-4196-a4bb-f38cbbef37a5 Path:	4104	1		3	2	15	0	477	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4624	4708	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:10 PM	ca610e00-1c3c-0002-9e11-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	476	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4624	4628	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:10 PM	ca610e00-1c3c-0004-2111-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4624 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	475	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4624	4696	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:10 PM	ca610e00-1c3c-0004-2111-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	474	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4624	4628	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:10 PM	ca610e00-1c3c-0004-2111-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): begin { $path = 'C:\Users\Admin\AppData\Local\Temp\ansible-tmp-1644250267.68-20517804131460\source' $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 $fd = [System.IO.File]::Create($path) $sha1 = [System.Security.Cryptography.SHA1CryptoServiceProvider]::Create() $bytes = @() #initialize for empty file case } process { $bytes = [System.Convert]::FromBase64String($input) $sha1.TransformBlock($bytes, 0, $bytes.Length, $bytes, 0) | Out-Null $fd.Write($bytes, 0, $bytes.Length) } end { $sha1.TransformFinalBlock($bytes, 0, 0) | Out-Null $hash = [System.BitConverter]::ToString($sha1.Hash).Replace("-", "").ToLowerInvariant() $fd.Close() Write-Output "{""sha1"":""$hash""}" } ScriptBlock ID: dd823099-82cd-41f0-a831-936d00572273 Path:	4104	1		3	2	15	0	473	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4508	4592	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:09 PM	ca610e00-1c3c-0001-ab11-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	472	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4508	4512	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:09 PM	ca610e00-1c3c-0002-9b11-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4508 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	471	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4508	4580	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:09 PM	ca610e00-1c3c-0002-9b11-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	470	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4508	4512	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:09 PM	ca610e00-1c3c-0002-9b11-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 140805ee-9cd3-4ad5-8e30-3cdbb904b655 Path:	4104	1		3	2	15	0	469	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4356	4440	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:09 PM	ca610e00-1c3c-0001-8811-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): nce a privilege is removed from a token we cannot do anything with it throw [System.InvalidOperationException] "Cannot $($action.ToLower()) the privilege '$Name' as it has been removed from the token" } $process_token = [Ansible.PrivilegeUtil.Privileges]::GetCurrentProcess() if ($PSCmdlet.ShouldProcess($Name, "$action the privilege $Name")) { $new_state = New-Object -TypeName 'System.Collections.Generic.Dictionary`2[[System.String], [System.Nullable`1[System.Boolean]]]' $new_state.Add($Name, $Value) [Ansible.PrivilegeUtil.Privileges]::SetTokenPrivileges($process_token, $new_state) > $null } } Export-ModuleMember -Function Import-PrivilegeUtil, Get-AnsiblePrivilege, Set-AnsiblePrivilege ` -Variable ansible_privilege_util_namespaces, ansible_privilege_util_code ScriptBlock ID: 314653bf-c3bc-4afe-80d8-e52d37c7a9be Path:	4104	1		3	2	15	0	468	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4356	4440	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:09 PM	ca610e00-1c3c-0001-8411-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): # Copyright (c) 2018 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) # store in separate variables to make it easier for other module_utils to # share this code in their own c# code $ansible_privilege_util_namespaces = @( "Microsoft.Win32.SafeHandles", "System", "System.Collections.Generic", "System.Linq", "System.Runtime.InteropServices", "System.Security.Principal", "System.Text" ) $ansible_privilege_util_code = @' namespace Ansible.PrivilegeUtil { [Flags] public enum PrivilegeAttributes : uint { Disabled = 0x00000000, EnabledByDefault = 0x00000001, Enabled = 0x00000002, Removed = 0x00000004, UsedForAccess = 0x80000000, } internal class NativeHelpers { [StructLayout(LayoutKind.Sequential)] internal struct LUID { public UInt32 LowPart; public Int32 HighPart; } [StructLayout(LayoutKind.Sequential)] internal struct LUID_AND_ATTRIBUTES { public LUID Luid; public PrivilegeAttributes Attributes; } [StructLayout(LayoutKind.Sequential)] internal struct TOKEN_PRIVILEGES { public UInt32 PrivilegeCount; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)] public LUID_AND_ATTRIBUTES[] Privileges; } } internal class NativeMethods { [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool AdjustTokenPrivileges( IntPtr TokenHandle, [MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges, IntPtr NewState, UInt32 BufferLength, IntPtr PreviousState, out UInt32 ReturnLength); [DllImport("kernel32.dll")] internal static extern bool CloseHandle( IntPtr hObject); [DllImport("kernel32")] internal static extern SafeWaitHandle GetCurrentProcess(); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool GetTokenInformation( IntPtr TokenHandle, UInt32 TokenInformationClass, IntPtr TokenInformation, UInt32 TokenInformationLength, out UInt32 ReturnLength); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeName( string lpSystemName, ref NativeHelpers.LUID lpLuid, StringBuilder lpName, ref UInt32 cchName); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeValue( string lpSystemName, string lpName, out NativeHelpers.LUID lpLuid); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool OpenProcessToken( SafeHandle ProcessHandle, TokenAccessLevels DesiredAccess, out IntPtr TokenHandle); } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class Privileges { private static readonly UInt32 TOKEN_PRIVILEGES = 3; public static bool CheckPrivilegeName(string name) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, name, out luid)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name)); return false; } else { return true; } } public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } }); } public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token) { return AdjustTokenPrivileges(token, null); } public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } }); } public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token) { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken)) throw new Win32Exception("OpenProcessToken() failed"); Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>(); try { UInt32 tokenLength = 0; NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength); NativeHelpers.LUID_AND_ATTRIBUTES[] privileges; IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength); try { if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength)) throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed"); NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount]; PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount))); } finally { Marshal.FreeHGlobal(privilegesPtr); } info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes); } finally { NativeMethods.CloseHandle(hToken); } return info; } public static SafeWaitHandle GetCurrentProcess() { return NativeMethods.GetCurrentProcess(); } public static void RemovePrivilege(SafeHandle token, string privilege) { SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } }); } public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state) { NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count]; int i = 0; foreach (KeyValuePair<string, bool?> entry in state) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid)) throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key)); PrivilegeAttributes attributes; switch (entry.Value) { case true: attributes = PrivilegeAttributes.Enabled; break; case false: attributes = PrivilegeAttributes.Disabled; break; default: attributes = PrivilegeAttributes.Removed; break; } privilegeAttr[i].Luid = luid; privilegeAttr[i].Attributes = attributes; i++; } return AdjustTokenPrivileges(token, privilegeAttr); } private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState) { bool disableAllPrivileges; IntPtr newStatePtr; NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges; UInt32 returnLength; if (newState == null) { disableAllPrivileges = true; newStatePtr = IntPtr.Zero; } else { disableAllPrivileges = false; // Need to manually marshal the bytes requires for newState as the constant size // of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES // always contains at least 1 entry so we need to calculate the extra size if there are // nore than 1 LUID_AND_ATTRIBUTES entry int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES)); int luidAttrSize = 0; if (newState.Length > 1) luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1); int totalSize = tokenPrivilegesSize + luidAttrSize; byte[] newStateBytes = new byte[totalSize]; // get the first entry that includes the struct details NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES() { PrivilegeCount = (UInt32)newState.Length, Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1], }; if (newState.Length > 0) tokenPrivileges.Privileges[0] = newState[0]; int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0); // copy the remaining LUID_AND_ATTRIBUTES (if any) for (int i = 1; i < newState.Length; i++) offset += StructureToBytes(newState[i], newStateBytes, offset); // finally create the pointer to the byte array we just created newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length); Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length); } try { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken)) throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges"); try { IntPtr oldStatePtr = Marshal.AllocHGlobal(0); if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size"); } // resize the oldStatePtr based on the length returned from Windows Marshal.FreeHGlobal(oldStatePtr); oldStatePtr = Marshal.AllocHGlobal((int)returnLength); try { bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength); int errCode = Marshal.GetLastWin32Error(); // even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code if (!res || errCode != 0) throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed"); // Marshal the oldStatePtr to the struct NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount]; PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount))); } finally { Marshal.FreeHGlobal(oldStatePtr); } } finally { NativeMethods.CloseHandle(hToken); } } finally { if (newStatePtr != IntPtr.Zero) Marshal.FreeHGlobal(newStatePtr); } return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled)); } private static string GetPrivilegeName(NativeHelpers.LUID luid) { UInt32 nameLen = 0; NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen); StringBuilder name = new StringBuilder((int)(nameLen + 1)); if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen)) throw new Win32Exception("LookupPrivilegeName() failed"); return name.ToString(); } private static void PtrToStructureArray<T>(T[] array, IntPtr ptr) { IntPtr ptrOffset = ptr; for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T)))) array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T)); } private static int StructureToBytes<T>(T structure, byte[] array, int offset) { int size = Marshal.SizeOf(structure); IntPtr structPtr = Marshal.AllocHGlobal(size); try { Marshal.StructureToPtr(structure, structPtr, false); Marshal.Copy(structPtr, array, offset, size); } finally { Marshal.FreeHGlobal(structPtr); } return size; } } } '@ Function Import-PrivilegeUtil { <# .SYNOPSIS Compiles the C# code that can be used to manage Windows privileges from an Ansible module. Once this function is called, the following PowerShell cmdlets can be used; Get-AnsiblePrivilege Set-AnsiblePrivilege The above cmdlets give the ability to manage permissions on the current process token but the underlying .NET classes are also exposed for greater control. The following functions can be used by calling the .NET class [Ansible.PrivilegeUtil.Privileges]::CheckPrivilegeName($name) [Ansible.PrivilegeUtil.Privileges]::DisablePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::DisableAllPrivileges($process) [Ansible.PrivilegeUtil.Privileges]::EnablePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::GetAllPrivilegeInfo($process) [Ansible.PrivilegeUtil.Privileges]::RemovePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::SetTokenPrivileges($process, $new_state) Here is a brief explanation of each type of arg $process = The process handle to manipulate, use '[Ansible.PrivilegeUtils.Privileges]::GetCurrentProcess()' to get the current process handle $name = The name of the privilege, this is the constant value from https://docs.microsoft.com/en-us/windows/desktop/SecAuthZ/privilege-constants, e.g. SeAuditPrivilege $new_state = 'System.Collections.Generic.Dictionary`2[[System.String], [System.Nullable`1[System.Boolean]]]' The key is the constant name as a string, the value is a ternary boolean where true - will enable the privilege false - will disable the privilege null - will remove the privilege Each method that changes the privilege state will return a dictionary that can be used as the $new_state arg of SetTokenPrivileges to undo and revert back to the original state. If you remove a privilege then this is irreversible and won't be part of the returned dict #> [CmdletBinding()] # build the C# code to compile $namespace_import = ($ansible_privilege_util_namespaces | ForEach-Object { "using $_;" }) -join "`r`n" $platform_util = "$namespace_import`r`n`r`n$ansible_privilege_util_code" # FUTURE: find a better way to get the _ansible_remote_tmp variable # this is used to force csc to compile the C# code in the remote tmp # specified $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $platform_util $env:TMP = $original_tmp } Function Get-AnsiblePrivilege { <# .SYNOPSIS Get the status of a privilege for the current process. This returns $true - the privilege is enabled $false - the privilege is disabled $null - the privilege is removed from the token If Name is not a valid privilege name, this will throw an ArgumentException. .EXAMPLE Get-AnsiblePrivilege -Name SeDebugPrivilege #> [CmdletBinding()] param( [Parameter(Mandatory=$true)][String]$Name ) if (-not [Ansible.PrivilegeUtil.Privileges]::CheckPrivilegeName($Name)) { throw [System.ArgumentException] "Invalid privilege name '$Name'" } $process_token = [Ansible.PrivilegeUtil.Privileges]::GetCurrentProcess() $privilege_info = [Ansible.PrivilegeUtil.Privileges]::GetAllPrivilegeInfo($process_token) if ($privilege_info.ContainsKey($Name)) { $status = $privilege_info.$Name return $status.HasFlag([Ansible.PrivilegeUtil.PrivilegeAttributes]::Enabled) } else { return $null } } Function Set-AnsiblePrivilege { <# .SYNOPSIS Enables/Disables a privilege on the current process' token. If a privilege has been removed from the process token, this will throw an InvalidOperationException. .EXAMPLE # enable a privilege Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $true # disable a privilege Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $false #> [CmdletBinding(SupportsShouldProcess)] param( [Parameter(Mandatory=$true)][String]$Name, [Parameter(Mandatory=$true)][bool]$Value ) $action = switch($Value) { $true { "Enable" } $false { "Disable" } } $current_state = Get-AnsiblePrivilege -Name $Name if ($current_state -eq $Value) { return # no change needs to occur } elseif ($null -eq $current_state) { # o ScriptBlock ID: 314653bf-c3bc-4afe-80d8-e52d37c7a9be Path:	4104	1		3	2	15	0	467	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4356	4440	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:09 PM	ca610e00-1c3c-0001-8411-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) #Requires -Module Ansible.ModuleUtils.PrivilegeUtil Function Load-LinkUtils() { $link_util = @' using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.IO; using System.Runtime.InteropServices; using System.Text; namespace Ansible { public enum LinkType { SymbolicLink, JunctionPoint, HardLink } public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception { private string _msg; public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); } } public class LinkInfo { public LinkType Type { get; internal set; } public string PrintName { get; internal set; } public string SubstituteName { get; internal set; } public string AbsolutePath { get; internal set; } public string TargetPath { get; internal set; } public string[] HardTargets { get; internal set; } } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct REPARSE_DATA_BUFFER { public UInt32 ReparseTag; public UInt16 ReparseDataLength; public UInt16 Reserved; public UInt16 SubstituteNameOffset; public UInt16 SubstituteNameLength; public UInt16 PrintNameOffset; public UInt16 PrintNameLength; [MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)] public char[] PathBuffer; } public class LinkUtil { public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16; private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000; private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000; private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8; private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4; private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000; private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003; private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C; private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001; private const Int64 INVALID_HANDLE_VALUE = -1; private const UInt32 SIZE_OF_WCHAR = 2; private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000; private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001; [DllImport("kernel32.dll", CharSet = CharSet.Auto)] private static extern SafeFileHandle CreateFile( string lpFileName, [MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess, [MarshalAs(UnmanagedType.U4)] FileShare dwShareMode, IntPtr lpSecurityAttributes, [MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition, UInt32 dwFlagsAndAttributes, IntPtr hTemplateFile); // Used by GetReparsePointInfo() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, IntPtr lpInBuffer, UInt32 nInBufferSize, out REPARSE_DATA_BUFFER lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); // Used by CreateJunctionPoint() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, REPARSE_DATA_BUFFER lpInBuffer, UInt32 nInBufferSize, IntPtr lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool GetVolumePathName( string lpszFileName, StringBuilder lpszVolumePathName, ref UInt32 cchBufferLength); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern IntPtr FindFirstFileNameW( string lpFileName, UInt32 dwFlags, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool FindNextFileNameW( IntPtr hFindStream, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool FindClose( IntPtr hFindFile); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool RemoveDirectory( string lpPathName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeleteFile( string lpFileName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateSymbolicLink( string lpSymlinkFileName, string lpTargetFileName, UInt32 dwFlags); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateHardLink( string lpFileName, string lpExistingFileName, IntPtr lpSecurityAttributes); public static LinkInfo GetLinkInfo(string linkPath) { FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.ReparsePoint)) return GetReparsePointInfo(linkPath); if (!attr.HasFlag(FileAttributes.Directory)) return GetHardLinkInfo(linkPath); return null; } public static void DeleteLink(string linkPath) { bool success; FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.Directory)) { success = RemoveDirectory(linkPath); } else { success = DeleteFile(linkPath); } if (!success) throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath)); } public static void CreateLink(string linkPath, String linkTarget, LinkType linkType) { switch (linkType) { case LinkType.SymbolicLink: UInt32 linkFlags; FileAttributes attr = File.GetAttributes(linkTarget); if (attr.HasFlag(FileAttributes.Directory)) linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY; else linkFlags = SYMBOLIC_LINK_FLAG_FILE; if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags)) throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags)); break; case LinkType.JunctionPoint: CreateJunctionPoint(linkPath, linkTarget); break; case LinkType.HardLink: if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget)); break; } } private static LinkInfo GetHardLinkInfo(string linkPath) { UInt32 maxPath = 260; List<string> result = new List<string>(); StringBuilder sb = new StringBuilder((int)maxPath); UInt32 stringLength = maxPath; if (!GetVolumePathName(linkPath, sb, ref stringLength)) throw new LinkUtilWin32Exception("GetVolumePathName() failed"); string volume = sb.ToString(); stringLength = maxPath; IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb); if (findHandle.ToInt64() != INVALID_HANDLE_VALUE) { try { do { string hardLinkPath = sb.ToString(); if (hardLinkPath.StartsWith("\\")) hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1); result.Add(Path.Combine(volume, hardLinkPath)); stringLength = maxPath; } while (FindNextFileNameW(findHandle, ref stringLength, sb)); } finally { FindClose(findHandle); } } if (result.Count > 1) return new LinkInfo { Type = LinkType.HardLink, HardTargets = result.ToArray() }; return null; } private static LinkInfo GetReparsePointInfo(string linkPath) { SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Read, FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); UInt32 bytesReturned; try { if (!DeviceIoControl( fileHandle, FSCTL_GET_REPARSE_POINT, IntPtr.Zero, 0, out buffer, MAXIMUM_REPARSE_DATA_BUFFER_SIZE, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath)); } finally { fileHandle.Dispose(); } bool isRelative = false; int pathOffset = 0; LinkType linkType; if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK) { UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]); if (bufferFlags == SYMLINK_FLAG_RELATIVE) isRelative = true; pathOffset = 2; linkType = LinkType.SymbolicLink; } else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT) { linkType = LinkType.JunctionPoint; } else { string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString()); throw new Exception(errorMessage); } string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR)); string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR)); // TODO: should we check for \?\UNC\server for convert it to the NT style \\server path // Remove the leading Windows object directory \?\ from the path if present string targetPath = substituteName; if (targetPath.StartsWith("\\??\\")) targetPath = targetPath.Substring(4, targetPath.Length - 4); string absolutePath = targetPath; if (isRelative) absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath)); return new LinkInfo { Type = linkType, PrintName = printName, SubstituteName = substituteName, AbsolutePath = absolutePath, TargetPath = targetPath }; } private static void CreateJunctionPoint(string linkPath, string linkTarget) { // We need to create the link as a dir beforehand Directory.CreateDirectory(linkPath); SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Write, FileShare.Read | FileShare.Write | FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); try { string substituteName = "\\??\\" + Path.GetFullPath(linkTarget); string printName = linkTarget; REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); buffer.SubstituteNameOffset = 0; buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR); buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2); buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR); buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT; buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12); buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE]; byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName); char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes); Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length); UInt32 bytesReturned; if (!DeviceIoControl( fileHandle, FSCTL_SET_REPARSE_POINT, buffer, (UInt32)(buffer.ReparseDataLength + 8), IntPtr.Zero, 0, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget)); } finally { fileHandle.Dispose(); } } } } '@ # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $link_util $env:TMP = $original_tmp Import-PrivilegeUtil # enable the SeBackupPrivilege if it is disabled $state = Get-AnsiblePrivilege -Name SeBackupPrivilege if ($state -eq $false) { Set-AnsiblePrivilege -Name SeBackupPrivilege -Value $true } } Function Get-Link($link_path) { $link_info = [Ansible.LinkUtil]::GetLinkInfo($link_path) return $link_info } Function Remove-Link($link_path) { [Ansible.LinkUtil]::DeleteLink($link_path) } Function New-Link($link_path, $link_target, $link_type) { if (-not (Test-Path -Path $link_target)) { throw "link_target '$link_target' does not exist, cannot create link" } switch($link_type) { "link" { $type = [Ansible.LinkType]::SymbolicLink } "junction" { if (Test-Path -Path $link_target -PathType Leaf) { throw "cannot set the target for a junction point to a file" } $type = [Ansible.LinkType]::JunctionPoint } "hard" { if (Test-Path -Path $link_target -PathType Container) { throw "cannot set the target for a hard link to a directory" } $type = [Ansible.LinkType]::HardLink } default { throw "invalid link_type option $($link_type): expecting link, junction, hard" } } [Ansible.LinkUtil]::CreateLink($link_path, $link_target, $type) } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 61d61609-31a6-4731-8b6d-a6d4fdc84dd9 Path:	4104	1		3	2	15	0	466	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4356	4440	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:09 PM	ca610e00-1c3c-0005-f510-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 2be685c3-f42a-433e-b69e-bd7a29e30dab Path:	4104	1		3	2	15	0	465	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4356	4440	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:08 PM	ca610e00-1c3c-0005-e610-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (6 of 6): iAgICAgICAgdHJ5IHsKICAgICAgICAgICAgJHNpemUgPSAwCiAgICAgICAgICAgIGZvcmVhY2ggKCRmaWxlIGluICRpbmZvLkVudW1lcmF0ZUZpbGVzKCIqIiwgW1N5c3RlbS5JTy5TZWFyY2hPcHRpb25dOjpBbGxEaXJlY3RvcmllcykpIHsKICAgICAgICAgICAgICAgICRzaXplICs9ICRmaWxlLkxlbmd0aAogICAgICAgICAgICB9CiAgICAgICAgICAgICRzdGF0LnNpemUgPSAkc2l6ZQogICAgICAgIH0gY2F0Y2ggewogICAgICAgICAgICAkc3RhdC5zaXplID0gMAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHN0YXQuZXh0ZW5zaW9uID0gJGluZm8uRXh0ZW5zaW9uCiAgICAgICAgJHN0YXQuaXNyZWcgPSAkdHJ1ZQogICAgICAgICRzdGF0LnNpemUgPSAkaW5mby5MZW5ndGgKCiAgICAgICAgaWYgKCRnZXRfbWQ1KSB7CiAgICAgICAgICAgIHRyeSB7CiAgICAgICAgICAgICAgICAkc3RhdC5tZDUgPSBHZXQtRmlsZUNoZWNrc3VtIC1wYXRoICRwYXRoIC1hbGdvcml0aG0gIm1kNSIKICAgICAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJmYWlsZWQgdG8gZ2V0IE1ENSBoYXNoIG9mIGZpbGUsIHJlbW92ZSBnZXRfbWQ1IHRvIGlnbm9yZSB0aGlzIGVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgICAgICAgICAgfQogICAgICAgIH0KICAgICAgICBpZiAoJGdldF9jaGVja3N1bSkgewogICAgICAgICAgICB0cnkgewogICAgICAgICAgICAgICAgJHN0YXQuY2hlY2tzdW0gPSBHZXQtRmlsZUNoZWNrc3VtIC1wYXRoICRwYXRoIC1hbGdvcml0aG0gJGNoZWNrc3VtX2FsZ29yaXRobQogICAgICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImZhaWxlZCB0byBnZXQgaGFzaCBvZiBmaWxlLCBzZXQgZ2V0X2NoZWNrc3VtIHRvIEZhbHNlIHRvIGlnbm9yZSB0aGlzIGVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KCiAgICAjIEdldCBzeW1ib2xpYyBsaW5rLCBqdW5jdGlvbiBwb2ludCwgaGFyZCBsaW5rIGluZm8KICAgIExvYWQtTGlua1V0aWxzCiAgICB0cnkgewogICAgICAgICRsaW5rX2luZm8gPSBHZXQtTGluayAtbGlua19wYXRoICRpbmZvLkZ1bGxOYW1lCiAgICB9IGNhdGNoIHsKICAgICAgICBBZGQtV2FybmluZyAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkZhaWxlZCB0byBjaGVjay9nZXQgbGluayBpbmZvIGZvciBmaWxlOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgIH0KICAgIGlmICgkbGlua19pbmZvIC1uZSAkbnVsbCkgewogICAgICAgIHN3aXRjaCAoJGxpbmtfaW5mby5UeXBlKSB7CiAgICAgICAgICAgICJTeW1ib2xpY0xpbmsiIHsKICAgICAgICAgICAgICAgICRzdGF0LmlzbG5rID0gJHRydWUKICAgICAgICAgICAgICAgICRzdGF0LmlzcmVnID0gJGZhbHNlCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfdGFyZ2V0ID0gJGxpbmtfaW5mby5UYXJnZXRQYXRoCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfc291cmNlID0gJGxpbmtfaW5mby5BYnNvbHV0ZVBhdGggICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgICAgICJKdW5jdGlvblBvaW50IiB7CiAgICAgICAgICAgICAgICAkc3RhdC5pc2p1bmN0aW9uID0gJHRydWUKICAgICAgICAgICAgICAgICRzdGF0LmlzcmVnID0gJGZhbHNlCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfdGFyZ2V0ID0gJGxpbmtfaW5mby5UYXJnZXRQYXRoCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfc291cmNlID0gJGxpbmtfaW5mby5BYnNvbHV0ZVBhdGggICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgICAgICJIYXJkTGluayIgewogICAgICAgICAgICAgICAgJHN0YXQubG5rX3R5cGUgPSAiaGFyZCIKICAgICAgICAgICAgICAgICRzdGF0Lm5saW5rID0gJGxpbmtfaW5mby5IYXJkVGFyZ2V0cy5Db3VudAoKICAgICAgICAgICAgICAgICMgcmVtb3ZlIGN1cnJlbnQgcGF0aCBmcm9tIHRoZSB0YXJnZXRzCiAgICAgICAgICAgICAgICAkaGxua190YXJnZXRzID0gJGxpbmtfaW5mby5IYXJkVGFyZ2V0cyB8IFdoZXJlLU9iamVjdCB7ICRfIC1uZSAkc3RhdC5wYXRoIH0KICAgICAgICAgICAgICAgICRzdGF0LmhsbmtfdGFyZ2V0cyA9IEAoJGhsbmtfdGFyZ2V0cykKICAgICAgICAgICAgICAgIGJyZWFrCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9CgogICAgJHJlc3VsdC5zdGF0ID0gJHN0YXQKfQoKRXhpdC1Kc29uICRyZXN1bHQK", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "stat", "_ansible_debug": false, "_ansible_verbosity": 3, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_shell_executable": "/bin/sh", "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "get_checksum": true, "_ansible_check_mode": false, "checksum_algo": "sha1", "follow": false, "path": "C:\\collect-event-log.ps1", "_ansible_tmpdir": "'C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1644250267.68-20517804131460'"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 1e831864-695c-40f8-a5c2-466113cd4702 Path:	4104	1		3	2	15	0	464	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4356	4440	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:08 PM	ca610e00-1c3c-0001-7e11-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 6): pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5GaWxlVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxpbmtVdGlsCgpmdW5jdGlvbiBEYXRlVG8tVGltZXN0YW1wKCRzdGFydF9kYXRlLCAkZW5kX2RhdGUpIHsKICAgIGlmICgkc3RhcnRfZGF0ZSAtYW5kICRlbmRfZGF0ZSkgewogICAgICAgIHJldHVybiAoTmV3LVRpbWVTcGFuIC1TdGFydCAkc3RhcnRfZGF0ZSAtRW5kICRlbmRfZGF0ZSkuVG90YWxTZWNvbmRzCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCgokcGF0aCA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJwYXRoIiAtdHlwZSAicGF0aCIgLWZhaWxpZmVtcHR5ICR0cnVlIC1hbGlhc2VzICJkZXN0IiwibmFtZSIKJGdldF9tZDUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZ2V0X21kNSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQokZ2V0X2NoZWNrc3VtID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgImdldF9jaGVja3N1bSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCiRjaGVja3N1bV9hbGdvcml0aG0gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hlY2tzdW1fYWxnb3JpdGhtIiAtdHlwZSAic3RyIiAtZGVmYXVsdCAic2hhMSIgLXZhbGlkYXRlc2V0ICJtZDUiLCJzaGExIiwic2hhMjU2Iiwic2hhMzg0Iiwic2hhNTEyIgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCiAgICBzdGF0ID0gQHsKICAgICAgICBleGlzdHMgPSAkZmFsc2UKICAgIH0KfQoKIyBnZXRfbWQ1IHdpbGwgYmUgYW4gdW5kb2N1bWVudGVkIG9wdGlvbiBpbiAyLjkgdG8gYmUgcmVtb3ZlZCBhdCBhIGxhdGVyCiMgZGF0ZSBpZiBwb3NzaWJsZSAoMy4wKykKaWYgKEdldC1NZW1iZXIgLWlucHV0b2JqZWN0ICRwYXJhbXMgLW5hbWUgImdldF9tZDUiKSB7CiAgICBBZGQtRGVwcmVhY3Rpb25XYXJuaW5nIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiZ2V0X21kNSBoYXMgYmVlbiBkZXByZWNhdGVkIGFsb25nIHdpdGggdGhlIG1kNSByZXR1cm4gdmFsdWUsIHVzZSBnZXRfY2hlY2tzdW09VHJ1ZSBhbmQgY2hlY2tzdW1fYWxnb3JpdGhtPW1kNSBpbnN0ZWFkIiAtdmVyc2lvbiAyLjkKfQoKJGluZm8gPSBHZXQtQW5zaWJsZUl0ZW0gLVBhdGggJHBhdGggLUVycm9yQWN0aW9uIFNpbGVudGx5Q29udGludWUKSWYgKCRpbmZvIC1uZSAkbnVsbCkgewogICAgJGVwb2NoX2RhdGUgPSBHZXQtRGF0ZSAtRGF0ZSAiMDEvMDEvMTk3MCIKICAgICRhdHRyaWJ1dGVzID0gQCgpCiAgICBmb3JlYWNoICgkYXR0cmlidXRlIGluICgkaW5mby5BdHRyaWJ1dGVzIC1zcGxpdCAnLCcpKSB7CiAgICAgICAgJGF0dHJpYnV0ZXMgKz0gJGF0dHJpYnV0ZS5UcmltKCkKICAgIH0KCiAgICAjIGRlZmF1bHQgdmFsdWVzIHRoYXQgYXJlIGFsd2F5cyBzZXQsIHNwZWNpZmljIHZhbHVlcyBhcmUgc2V0IGJlbG93IHRoaXMKICAgICMgYnV0IGFyZSBrZXB0IGNvbW1lbnRlZCBmb3IgZWFzaWVyIHJlYWRhYmlsaXR5CiAgICAkc3RhdCA9IEB7CiAgICAgICAgZXhpc3RzID0gJHRydWUKICAgICAgICBhdHRyaWJ1dGVzID0gJGluZm8uQXR0cmlidXRlcy5Ub1N0cmluZygpCiAgICAgICAgaXNhcmNoaXZlID0gKCRhdHRyaWJ1dGVzIC1jb250YWlucyAiQXJjaGl2ZSIpCiAgICAgICAgaXNkaXIgPSAkZmFsc2UKICAgICAgICBpc2hpZGRlbiA9ICgkYXR0cmlidXRlcyAtY29udGFpbnMgIkhpZGRlbiIpCiAgICAgICAgaXNqdW5jdGlvbiA9ICRmYWxzZQogICAgICAgIGlzbG5rID0gJGZhbHNlCiAgICAgICAgaXNyZWFkb25seSA9ICgkYXR0cmlidXRlcyAtY29udGFpbnMgIlJlYWRPbmx5IikKICAgICAgICBpc3JlZyA9ICRmYWxzZQogICAgICAgIGlzc2hhcmVkID0gJGZhbHNlCiAgICAgICAgbmxpbmsgPSAxICAjIE51bWJlciBvZiBsaW5rcyB0byB0aGUgZmlsZSAoaGFyZCBsaW5rcyksIG92ZXJyaWRlbiBiZWxvdyBpZiBpc2xuawogICAgICAgICMgbG5rX3RhcmdldCA9IGlzbG5rIG9yIGlzanVuY3Rpb24gVGFyZ2V0IG9mIHRoZSBzeW1saW5rLiBOb3RlIHRoYXQgcmVsYXRpdmUgcGF0aHMgcmVtYWluIHJlbGF0aXZlCiAgICAgICAgIyBsbmtfc291cmNlID0gaXNsbmsgb3MgaXNqdW5jdGlvbiBUYXJnZXQgb2YgdGhlIHN5bWxpbmsgbm9ybWFsaXplZCBmb3IgdGhlIHJlbW90ZSBmaWxlc3lzdGVtCiAgICAgICAgaGxua190YXJnZXRzID0gQCgpCiAgICAgICAgY3JlYXRpb250aW1lID0gKERhdGVUby1UaW1lc3RhbXAgLXN0YXJ0X2RhdGUgJGVwb2NoX2RhdGUgLWVuZF9kYXRlICRpbmZvLkNyZWF0aW9uVGltZSkKICAgICAgICBsYXN0YWNjZXNzdGltZSA9IChEYXRlVG8tVGltZXN0YW1wIC1zdGFydF9kYXRlICRlcG9jaF9kYXRlIC1lbmRfZGF0ZSAkaW5mby5MYXN0QWNjZXNzVGltZSkKICAgICAgICBsYXN0d3JpdGV0aW1lID0gKERhdGVUby1UaW1lc3RhbXAgLXN0YXJ0X2RhdGUgJGVwb2NoX2RhdGUgLWVuZF9kYXRlICRpbmZvLkxhc3RXcml0ZVRpbWUpCiAgICAgICAgIyBzaXplID0gYSBmaWxlIGFuZCBkaXJlY3RvcnkgLSBjYWxjdWxhdGVkIGJlbG93CiAgICAgICAgcGF0aCA9ICRpbmZvLkZ1bGxOYW1lCiAgICAgICAgZmlsZW5hbWUgPSAkaW5mby5OYW1lCiAgICAgICAgIyBleHRlbnNpb24gPSBhIGZpbGUKICAgICAgICAjIG93bmVyID0gc2V0IG91dHNpdGUgdGhpcyBkaWN0IGluIGNhc2UgaXQgZmFpbHMKICAgICAgICAjIHNoYXJlbmFtZSA9IGEgZGlyZWN0b3J5IGFuZCBpc3NoYXJlZCBpcyBUcnVlCiAgICAgICAgIyBjaGVja3N1bSA9IGEgZmlsZSBhbmQgZ2V0X2NoZWNrc3VtOiBUcnVlCiAgICAgICAgIyBtZDUgPSBhIGZpbGUgYW5kIGdldF9tZDU6IFRydWUKICAgIH0KICAgICRzdGF0Lm93bmVyID0gJGluZm8uR2V0QWNjZXNzQ29udHJvbCgpLk93bmVyCgogICAgIyB2YWx1ZXMgdGhhdCBhcmUgc2V0IGFjY29yZGluZyB0byB0aGUgdHlwZSBvZiBmaWxlCiAgICBpZiAoJGluZm8uQXR0cmlidXRlcy5IYXNGbGFnKFtTeXN0ZW0uSU8uRmlsZUF0dHJpYnV0ZXNdOjpEaXJlY3RvcnkpKSB7CiAgICAgICAgJHN0YXQuaXNkaXIgPSAkdHJ1ZQogICAgICAgICRzaGFyZV9pbmZvID0gR2V0LVdtaU9iamVjdCAtQ2xhc3MgV2luMzJfU2hhcmUgLUZpbHRlciAiUGF0aD0nJCgkc3RhdC5wYXRoIC1yZXBsYWNlICdcXCcsICdcXCcpJyIKICAgICAgICBpZiAoJHNoYXJlX2luZm8gLW5lICRudWxsKSB7CiAgICAgICAgICAgICRzdGF0Lmlzc2hhcmVkID0gJHRydWUKICAgICAgICAgICAgJHN0YXQuc2hhcmVuYW1lID0gJHNoYXJlX2luZm8uTmFtZQogICAgICAgIH0KC ScriptBlock ID: 1e831864-695c-40f8-a5c2-466113cd4702 Path:	4104	1		3	2	15	0	463	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4356	4440	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:08 PM	ca610e00-1c3c-0001-7e11-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 6): ZfV0NIQVIpKTsKICAgICAgICAgICAgc3RyaW5nIHN1YnN0aXR1dGVOYW1lID0gbmV3IHN0cmluZyhidWZmZXIuUGF0aEJ1ZmZlciwgKGludCkoYnVmZmVyLlN1YnN0aXR1dGVOYW1lT2Zmc2V0IC8gU0laRV9PRl9XQ0hBUikgKyBwYXRoT2Zmc2V0LCAoaW50KShidWZmZXIuU3Vic3RpdHV0ZU5hbWVMZW5ndGggLyBTSVpFX09GX1dDSEFSKSk7CgogICAgICAgICAgICAvLyBUT0RPOiBzaG91bGQgd2UgY2hlY2sgZm9yIFw/XFVOQ1xzZXJ2ZXIgZm9yIGNvbnZlcnQgaXQgdG8gdGhlIE5UIHN0eWxlIFxcc2VydmVyIHBhdGgKICAgICAgICAgICAgLy8gUmVtb3ZlIHRoZSBsZWFkaW5nIFdpbmRvd3Mgb2JqZWN0IGRpcmVjdG9yeSBcP1wgZnJvbSB0aGUgcGF0aCBpZiBwcmVzZW50CiAgICAgICAgICAgIHN0cmluZyB0YXJnZXRQYXRoID0gc3Vic3RpdHV0ZU5hbWU7CiAgICAgICAgICAgIGlmICh0YXJnZXRQYXRoLlN0YXJ0c1dpdGgoIlxcPz9cXCIpKQogICAgICAgICAgICAgICAgdGFyZ2V0UGF0aCA9IHRhcmdldFBhdGguU3Vic3RyaW5nKDQsIHRhcmdldFBhdGguTGVuZ3RoIC0gNCk7CgogICAgICAgICAgICBzdHJpbmcgYWJzb2x1dGVQYXRoID0gdGFyZ2V0UGF0aDsKICAgICAgICAgICAgaWYgKGlzUmVsYXRpdmUpCiAgICAgICAgICAgICAgICBhYnNvbHV0ZVBhdGggPSBQYXRoLkdldEZ1bGxQYXRoKFBhdGguQ29tYmluZShuZXcgRmlsZUluZm8obGlua1BhdGgpLkRpcmVjdG9yeS5GdWxsTmFtZSwgdGFyZ2V0UGF0aCkpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBMaW5rSW5mbwogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBUeXBlID0gbGlua1R5cGUsCiAgICAgICAgICAgICAgICBQcmludE5hbWUgPSBwcmludE5hbWUsCiAgICAgICAgICAgICAgICBTdWJzdGl0dXRlTmFtZSA9IHN1YnN0aXR1dGVOYW1lLAogICAgICAgICAgICAgICAgQWJzb2x1dGVQYXRoID0gYWJzb2x1dGVQYXRoLAogICAgICAgICAgICAgICAgVGFyZ2V0UGF0aCA9IHRhcmdldFBhdGgKICAgICAgICAgICAgfTsKICAgICAgICB9CgogICAgICAgIHByaXZhdGUgc3RhdGljIHZvaWQgQ3JlYXRlSnVuY3Rpb25Qb2ludChzdHJpbmcgbGlua1BhdGgsIHN0cmluZyBsaW5rVGFyZ2V0KQogICAgICAgIHsKICAgICAgICAgICAgLy8gV2UgbmVlZCB0byBjcmVhdGUgdGhlIGxpbmsgYXMgYSBkaXIgYmVmb3JlaGFuZAogICAgICAgICAgICBEaXJlY3RvcnkuQ3JlYXRlRGlyZWN0b3J5KGxpbmtQYXRoKTsKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgZmlsZUhhbmRsZSA9IENyZWF0ZUZpbGUoCiAgICAgICAgICAgICAgICBsaW5rUGF0aCwKICAgICAgICAgICAgICAgIEZpbGVBY2Nlc3MuV3JpdGUsCiAgICAgICAgICAgICAgICBGaWxlU2hhcmUuUmVhZCB8IEZpbGVTaGFyZS5Xcml0ZSB8IEZpbGVTaGFyZS5Ob25lLAogICAgICAgICAgICAgICAgSW50UHRyLlplcm8sCiAgICAgICAgICAgICAgICBGaWxlTW9kZS5PcGVuLAogICAgICAgICAgICAgICAgRklMRV9GTEFHX0JBQ0tVUF9TRU1BTlRJQ1MgfCBGSUxFX0ZMQUdfT1BFTl9SRVBBUlNFX1BPSU5ULAogICAgICAgICAgICAgICAgSW50UHRyLlplcm8pOwoKICAgICAgICAgICAgaWYgKGZpbGVIYW5kbGUuSXNJbnZhbGlkKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiQ3JlYXRlRmlsZSh7MH0pIGZhaWxlZCIsIGxpbmtQYXRoKSk7CgogICAgICAgICAgICB0cnkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc3RyaW5nIHN1YnN0aXR1dGVOYW1lID0gIlxcPz9cXCIgKyBQYXRoLkdldEZ1bGxQYXRoKGxpbmtUYXJnZXQpOwogICAgICAgICAgICAgICAgc3RyaW5nIHByaW50TmFtZSA9IGxpbmtUYXJnZXQ7CgogICAgICAgICAgICAgICAgUkVQQVJTRV9EQVRBX0JVRkZFUiBidWZmZXIgPSBuZXcgUkVQQVJTRV9EQVRBX0JVRkZFUigpOwogICAgICAgICAgICAgICAgYnVmZmVyLlN1YnN0aXR1dGVOYW1lT2Zmc2V0ID0gMDsKICAgICAgICAgICAgICAgIGJ1ZmZlci5TdWJzdGl0dXRlTmFtZUxlbmd0aCA9IChVSW50MTYpKHN1YnN0aXR1dGVOYW1lLkxlbmd0aCAqIFNJWkVfT0ZfV0NIQVIpOwogICAgICAgICAgICAgICAgYnVmZmVyLlByaW50TmFtZU9mZnNldCA9IChVSW50MTYpKGJ1ZmZlci5TdWJzdGl0dXRlTmFtZUxlbmd0aCArIDIpOwogICAgICAgICAgICAgICAgYnVmZmVyLlByaW50TmFtZUxlbmd0aCA9IChVSW50MTYpKHByaW50TmFtZS5MZW5ndGggKiBTSVpFX09GX1dDSEFSKTsKCiAgICAgICAgICAgICAgICBidWZmZXIuUmVwYXJzZVRhZyA9IElPX1JFUEFSU0VfVEFHX01PVU5UX1BPSU5UOwogICAgICAgICAgICAgICAgYnVmZmVyLlJlcGFyc2VEYXRhTGVuZ3RoID0gKFVJbnQxNikoYnVmZmVyLlN1YnN0aXR1dGVOYW1lTGVuZ3RoICsgYnVmZmVyLlByaW50TmFtZUxlbmd0aCArIDEyKTsKICAgICAgICAgICAgICAgIGJ1ZmZlci5QYXRoQnVmZmVyID0gbmV3IGNoYXJbTUFYSU1VTV9SRVBBUlNFX0RBVEFfQlVGRkVSX1NJWkVdOwoKICAgICAgICAgICAgICAgIGJ5dGVbXSB1bmljb2RlQnl0ZXMgPSBFbmNvZGluZy5Vbmljb2RlLkdldEJ5dGVzKHN1YnN0aXR1dGVOYW1lICsgIlwwIiArIHByaW50TmFtZSk7CiAgICAgICAgICAgICAgICBjaGFyW10gcGF0aEJ1ZmZlciA9IEVuY29kaW5nLlVuaWNvZGUuR2V0Q2hhcnModW5pY29kZUJ5dGVzKTsKICAgICAgICAgICAgICAgIEFycmF5LkNvcHkocGF0aEJ1ZmZlciwgYnVmZmVyLlBhdGhCdWZmZXIsIHBhdGhCdWZmZXIuTGVuZ3RoKTsKCiAgICAgICAgICAgICAgICBVSW50MzIgYnl0ZXNSZXR1cm5lZDsKICAgICAgICAgICAgICAgIGlmICghRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUsCiAgICAgICAgICAgICAgICAgICAgRlNDVExfU0VUX1JFUEFSU0VfUE9JTlQsCiAgICAgICAgICAgICAgICAgICAgYnVmZmVyLAogICAgICAgICAgICAgICAgICAgIChVSW50MzIpKGJ1ZmZlci5SZXBhcnNlRGF0YUxlbmd0aCArIDgpLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLCAwLAogICAgICAgICAgICAgICAgICAgIG91dCBieXRlc1JldHVybmVkLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJEZXZpY2VJb0NvbnRyb2woKSBmYWlsZWQgdG8gY3JlYXRlIGp1bmN0aW9uIHBvaW50IGF0IHswfSB0byB7MX0iLCBsaW5rUGF0aCwgbGlua1RhcmdldCkpOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgZmlsZUhhbmRsZS5EaXNwb3NlKCk7CiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9Cn0KJ0AKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRsaW5rX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAoKICAgIEltcG9ydC1Qcml2aWxlZ2VVdGlsCiAgICAjIGVuYWJsZSB0aGUgU2VCYWNrdXBQcml2aWxlZ2UgaWYgaXQgaXMgZGlzYWJsZWQKICAgICRzdGF0ZSA9IEdldC1BbnNpYmxlUHJpdmlsZWdlIC1OYW1lIFNlQmFja3VwUHJpdmlsZWdlCiAgICBpZiAoJHN0YXRlIC1lcSAkZmFsc2UpIHsKICAgICAgICBTZXQtQW5zaWJsZVByaXZpbGVnZSAtTmFtZSBTZUJhY2t1cFByaXZpbGVnZSAtVmFsdWUgJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUxpbmsoJGxpbmtfcGF0aCkgewogICAgJGxpbmtfaW5mbyA9IFtBbnNpYmxlLkxpbmtVdGlsXTo6R2V0TGlua0luZm8oJGxpbmtfcGF0aCkKICAgIHJldHVybiAkbGlua19pbmZvCn0KCkZ1bmN0aW9uIFJlbW92ZS1MaW5rKCRsaW5rX3BhdGgpIHsKICAgIFtBbnNpYmxlLkxpbmtVdGlsXTo6RGVsZXRlTGluaygkbGlua19wYXRoKQp9CgpGdW5jdGlvbiBOZXctTGluaygkbGlua19wYXRoLCAkbGlua190YXJnZXQsICRsaW5rX3R5cGUpIHsKICAgIGlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGxpbmtfdGFyZ2V0KSkgewogICAgICAgIHRocm93ICJsaW5rX3RhcmdldCAnJGxpbmtfdGFyZ2V0JyBkb2VzIG5vdCBleGlzdCwgY2Fubm90IGNyZWF0ZSBsaW5rIgogICAgfQogICAgCiAgICBzd2l0Y2goJGxpbmtfdHlwZSkgewogICAgICAgICJsaW5rIiB7CiAgICAgICAgICAgICR0eXBlID0gW0Fuc2libGUuTGlua1R5cGVdOjpTeW1ib2xpY0xpbmsKICAgICAgICB9CiAgICAgICAgImp1bmN0aW9uIiB7CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGxpbmtfdGFyZ2V0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgICAgICB0aHJvdyAiY2Fubm90IHNldCB0aGUgdGFyZ2V0IGZvciBhIGp1bmN0aW9uIHBvaW50IHRvIGEgZmlsZSIKICAgICAgICAgICAgfQogICAgICAgICAgICAkdHlwZSA9IFtBbnNpYmxlLkxpbmtUeXBlXTo6SnVuY3Rpb25Qb2ludAogICAgICAgIH0KICAgICAgICAiaGFyZCIgewogICAgICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRsaW5rX3RhcmdldCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgICAgICB0aHJvdyAiY2Fubm90IHNldCB0aGUgdGFyZ2V0IGZvciBhIGhhcmQgbGluayB0byBhIGRpcmVjdG9yeSIKICAgICAgICAgICAgfQogICAgICAgICAgICAkdHlwZSA9IFtBbnNpYmxlLkxpbmtUeXBlXTo6SGFyZExpbmsKICAgICAgICB9CiAgICAgICAgZGVmYXVsdCB7IHRocm93ICJpbnZhbGlkIGxpbmtfdHlwZSBvcHRpb24gJCgkbGlua190eXBlKTogZXhwZWN0aW5nIGxpbmssIGp1bmN0aW9uLCBoYXJkIiB9CiAgICB9CiAgICBbQW5zaWJsZS5MaW5rVXRpbF06OkNyZWF0ZUxpbmsoJGxpbmtfcGF0aCwgJGxpbmtfdGFyZ2V0LCAkdHlwZSkKfQoKIyB0aGlzIGxpbmUgbXVzdCBzdGF5IGF0IHRoZSBib3R0b20gdG8gZW5zdXJlIGFsbCBkZWZpbmVkIG1vZHVsZSBwYXJ0cyBhcmUgZXhwb3J0ZWQKRXhwb3J0LU1vZHVsZU1lbWJlciAtQWxpYXMgKiAtRnVuY3Rpb24gKiAtQ21kbGV0ICoK", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0 ScriptBlock ID: 1e831864-695c-40f8-a5c2-466113cd4702 Path:	4104	1		3	2	15	0	462	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4356	4440	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:08 PM	ca610e00-1c3c-0001-7e11-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 6): TRCBMaWNlbnNlIChzZWUgbGljZW5zZXMvc2ltcGxpZmllZF9ic2QudHh0IG9yIGh0dHBzOi8vb3BlbnNvdXJjZS5vcmcvbGljZW5zZXMvQlNELTItQ2xhdXNlKQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Qcml2aWxlZ2VVdGlsCgpGdW5jdGlvbiBMb2FkLUxpbmtVdGlscygpIHsKICAgICRsaW5rX3V0aWwgPSBAJwp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWM7CnVzaW5nIFN5c3RlbS5JTzsKdXNpbmcgU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzOwp1c2luZyBTeXN0ZW0uVGV4dDsKCm5hbWVzcGFjZSBBbnNpYmxlCnsKICAgIHB1YmxpYyBlbnVtIExpbmtUeXBlCiAgICB7CiAgICAgICAgU3ltYm9saWNMaW5rLAogICAgICAgIEp1bmN0aW9uUG9pbnQsCiAgICAgICAgSGFyZExpbmsKICAgIH0KCiAgICBwdWJsaWMgY2xhc3MgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbiA6IFN5c3RlbS5Db21wb25lbnRNb2RlbC5XaW4zMkV4Y2VwdGlvbgogICAgewogICAgICAgIHByaXZhdGUgc3RyaW5nIF9tc2c7CgogICAgICAgIHB1YmxpYyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIExpbmtVdGlsV2luMzJFeGNlcHRpb24oaW50IGVycm9yQ29kZSwgc3RyaW5nIG1lc3NhZ2UpIDogYmFzZShlcnJvckNvZGUpCiAgICAgICAgewogICAgICAgICAgICBfbXNnID0gU3RyaW5nLkZvcm1hdCgiezB9ICh7MX0sIFdpbjMyRXJyb3JDb2RlIHsyfSkiLCBtZXNzYWdlLCBiYXNlLk1lc3NhZ2UsIGVycm9yQ29kZSk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgb3ZlcnJpZGUgc3RyaW5nIE1lc3NhZ2UgeyBnZXQgeyByZXR1cm4gX21zZzsgfSB9CiAgICAgICAgcHVibGljIHN0YXRpYyBleHBsaWNpdCBvcGVyYXRvciBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSB7IHJldHVybiBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBMaW5rSW5mbwogICAgewogICAgICAgIHB1YmxpYyBMaW5rVHlwZSBUeXBlIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICBwdWJsaWMgc3RyaW5nIFByaW50TmFtZSB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZyBTdWJzdGl0dXRlTmFtZSB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZyBBYnNvbHV0ZVBhdGggeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIHB1YmxpYyBzdHJpbmcgVGFyZ2V0UGF0aCB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZ1tdIEhhcmRUYXJnZXRzIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgIH0KCiAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICBwdWJsaWMgc3RydWN0IFJFUEFSU0VfREFUQV9CVUZGRVIKICAgIHsKICAgICAgICBwdWJsaWMgVUludDMyIFJlcGFyc2VUYWc7CiAgICAgICAgcHVibGljIFVJbnQxNiBSZXBhcnNlRGF0YUxlbmd0aDsKICAgICAgICBwdWJsaWMgVUludDE2IFJlc2VydmVkOwogICAgICAgIHB1YmxpYyBVSW50MTYgU3Vic3RpdHV0ZU5hbWVPZmZzZXQ7CiAgICAgICAgcHVibGljIFVJbnQxNiBTdWJzdGl0dXRlTmFtZUxlbmd0aDsKICAgICAgICBwdWJsaWMgVUludDE2IFByaW50TmFtZU9mZnNldDsKICAgICAgICBwdWJsaWMgVUludDE2IFByaW50TmFtZUxlbmd0aDsKCiAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkJ5VmFsQXJyYXksIFNpemVDb25zdCA9IExpbmtVdGlsLk1BWElNVU1fUkVQQVJTRV9EQVRBX0JVRkZFUl9TSVpFKV0KICAgICAgICBwdWJsaWMgY2hhcltdIFBhdGhCdWZmZXI7CiAgICB9CgogICAgcHVibGljIGNsYXNzIExpbmtVdGlsCiAgICB7CiAgICAgICAgcHVibGljIGNvbnN0IGludCBNQVhJTVVNX1JFUEFSU0VfREFUQV9CVUZGRVJfU0laRSA9IDEwMjQgKiAxNjsKCiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgRklMRV9GTEFHX0JBQ0tVUF9TRU1BTlRJQ1MgPSAweDAyMDAwMDAwOwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIEZJTEVfRkxBR19PUEVOX1JFUEFSU0VfUE9JTlQgPSAweDAwMjAwMDAwOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBGU0NUTF9HRVRfUkVQQVJTRV9QT0lOVCA9IDB4MDAwOTAwQTg7CiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgRlNDVExfU0VUX1JFUEFSU0VfUE9JTlQgPSAweDAwMDkwMEE0OwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIEZJTEVfREVWSUNFX0ZJTEVfU1lTVEVNID0gMHgwMDA5MDAwMDsKCiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgSU9fUkVQQVJTRV9UQUdfTU9VTlRfUE9JTlQgPSAweEEwMDAwMDAzOwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIElPX1JFUEFSU0VfVEFHX1NZTUxJTksgPSAweEEwMDAwMDBDOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBTWU1MSU5LX0ZMQUdfUkVMQVRJVkUgPSAweDAwMDAwMDAxOwoKICAgICAgICBwcml2YXRlIGNvbnN0IEludDY0IElOVkFMSURfSEFORExFX1ZBTFVFID0gLTE7CgogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIFNJWkVfT0ZfV0NIQVIgPSAyOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBTWU1CT0xJQ19MSU5LX0ZMQUdfRklMRSA9IDB4MDAwMDAwMDA7CiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgU1lNQk9MSUNfTElOS19GTEFHX0RJUkVDVE9SWSA9IDB4MDAwMDAwMDE7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBTYWZlRmlsZUhhbmRsZSBDcmVhdGVGaWxlKAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLlU0KV0gRmlsZUFjY2VzcyBkd0Rlc2lyZWRBY2Nlc3MsCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5VNCldIEZpbGVTaGFyZSBkd1NoYXJlTW9kZSwKICAgICAgICAgICAgSW50UHRyIGxwU2VjdXJpdHlBdHRyaWJ1dGVzLAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuVTQpXSBGaWxlTW9kZSBkd0NyZWF0aW9uRGlzcG9zaXRpb24sCiAgICAgICAgICAgIFVJbnQzMiBkd0ZsYWdzQW5kQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGhUZW1wbGF0ZUZpbGUpOwoKICAgICAgICAvLyBVc2VkIGJ5IEdldFJlcGFyc2VQb2ludEluZm8oKQogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIERldmljZUlvQ29udHJvbCgKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaERldmljZSwKICAgICAgICAgICAgVUludDMyIGR3SW9Db250cm9sQ29kZSwKICAgICAgICAgICAgSW50UHRyIGxwSW5CdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuSW5CdWZmZXJTaXplLAogICAgICAgICAgICBvdXQgUkVQQVJTRV9EQVRBX0JVRkZFUiBscE91dEJ1ZmZlciwKICAgICAgICAgICAgVUludDMyIG5PdXRCdWZmZXJTaXplLAogICAgICAgICAgICBvdXQgVUludDMyIGxwQnl0ZXNSZXR1cm5lZCwKICAgICAgICAgICAgSW50UHRyIGxwT3ZlcmxhcHBlZCk7CgogICAgICAgIC8vIFVzZWQgYnkgQ3JlYXRlSnVuY3Rpb25Qb2ludCgpCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIGJvb2wgRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICBTYWZlRmlsZUhhbmRsZSBoRGV2aWNlLAogICAgICAgICAgICBVSW50MzIgZHdJb0NvbnRyb2xDb2RlLAogICAgICAgICAgICBSRVBBUlNFX0RBVEFfQlVGRkVSIGxwSW5CdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuSW5CdWZmZXJTaXplLAogICAgICAgICAgICBJbnRQdHIgbHBPdXRCdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuT3V0QnVmZmVyU2l6ZSwKICAgICAgICAgICAgb3V0IFVJbnQzMiBscEJ5dGVzUmV0dXJuZWQsCiAgICAgICAgICAgIEludFB0ciBscE92ZXJsYXBwZWQpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBHZXRWb2x1bWVQYXRoTmFtZSgKICAgICAgICAgICAgc3RyaW5nIGxwc3pGaWxlTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscHN6Vm9sdW1lUGF0aE5hbWUsCiAgICAgICAgICAgIHJlZiBVSW50MzIgY2NoQnVmZmVyTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIEludFB0ciBGaW5kRmlyc3RGaWxlTmFtZVcoCiAgICAgICAgICAgIHN0cmluZyBscEZpbGVOYW1lLAogICAgICAgICAgICBVSW50MzIgZHdGbGFncywKICAgICAgICAgICAgcmVmIFVJbnQzMiBTdHJpbmdMZW5ndGgsCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgTGlua05hbWUpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBGaW5kTmV4dEZpbGVOYW1lVygKICAgICAgICAgICAgSW50UHRyIGhGaW5kU3RyZWFtLAogICAgICAgICAgICByZWYgVUludDMyIFN0cmluZ0xlbmd0aCwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBMaW5rTmFtZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEZpbmRDbG9zZSgKICAgICAgICAgICAgSW50UHRyIGhGaW5kRmlsZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIFJlbW92ZURpcmVjdG9yeSgKICAgICAgICAgICAgc3RyaW5nIGxwUGF0aE5hbWUpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBEZWxldGVGaWxlKAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIENyZWF0ZVN5bWJvbGljTGluaygKICAgICAgICAgICAgc3RyaW5nIGxwU3ltbGlua0ZpbGVOYW1lLAogICAgICAgICAgICBzdHJpbmcgbHBUYXJnZXRGaWxlTmFtZSwKICAgICAgICAgICAgVUludDMyIGR3RmxhZ3MpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVIYXJkTGluaygKICAgICAgICAgICAgc3RyaW5nIGxwRmlsZU5hbWUsCiAgICAgICAgICAgIHN0cmluZyBscEV4aXN0aW5nRmlsZU5hbWUsCiAgICAgICAgICAgIEludFB0ciBscFNlY3VyaXR5QXR0cmlidXRlcyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgTGlua0luZm8gR2V0TGlua0luZm8oc3RyaW5nIGxpbmtQYXRoKQogICAgICAgIHsKICAgICAgICAgICAgRmlsZUF0dHJpYnV0ZXMgYXR0ciA9IEZpbGUuR2V0QXR0cmlidXRlcyhsaW5rUGF0aCk7CiAgICAgICAgICAgIGlmIChhdHRyLkhhc0ZsYWcoRmlsZUF0dHJpYnV0ZXMuUmVwYXJzZVBvaW50KSkKICAgICAgICAgICAgICAgIHJldHVybiBHZXRSZXBhcnNlUG9pbnRJbmZvKGxpbmtQYXRoKTsKCiAgICAgICAgICAgIGlmICghYXR0ci5IYXNGbGFnKEZpbGVBdHRyaWJ1dGVzLkRpcmVjdG9yeSkpCiAgICAgICAgICAgICAgICByZXR1cm4gR2V0SGFyZExpbmtJbmZvKGxpbmtQYXRoKTsKCiAgICAgICAgICAgIHJldHVybiBudWxsOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyB2b2lkIERlbGV0ZUxpbmsoc3RyaW5nIGxpbmtQYXRoKQogICAgICAgIHsKICAgICAgICAgICAgYm9vbCBzdWNjZXNzOwogICAgICAgICAgICBGaWxlQXR0cmlidXRlcyBhdHRyID0gRmlsZS5HZXRBdHRyaWJ1dGVzKGxpbmtQYXRoKTsKICAgICAgICAgICAgaWYgKGF0dHIuSGFzRmxhZyhGaWxlQXR0cmlidXRlcy5EaXJlY3RvcnkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzdWNjZXNzID0gUmVtb3ZlRGlyZWN0b3J5KGxpbmtQYXRoKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBlbHNlCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIHN1Y2Nlc3MgPSBEZWxldGVGaWxlKGxpbmtQYXRoKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgaWYgKCFzdWNjZXNzKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiRmFpbGVkIHRvIGRlbGV0ZSBsaW5rIGF0IHswfSIsIGxpbmtQYXRoKSk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgQ3JlYXRlTGluayhzdHJpbmcgbGlua1BhdGgsIFN0cmluZyBsaW5rVGFyZ2V0LCBMaW5rVHlwZSBsaW5rVHlwZSkKICAgICAgICB7CiAgICAgICAgICAgIHN3aXRjaCAobGlua1R5cGUpCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGNhc2UgTGlua1R5cGUuU3ltYm9saWNMaW5rOgogICAgICAgICAgICAgICAgICAgIFVJbnQzMiBsaW5rRmxhZ3M7CiAgICAgICAgICAgICAgICAgICAgRmlsZUF0dHJpYnV0ZXMgYXR0ciA9IEZpbGUuR2V0QXR0cmlidXRlcyhsaW5rVGFyZ2V0KTsKICAgICAgICAgICAgICAgICAgICBpZiAoYXR0ci5IYXNGbGFnKEZpbGVBdHRyaWJ1dGVzLkRpcmVjdG9yeSkpCiAgICAgICAgICAgICAgICAgICAgICAgIGxpbmtGbGFncyA9IFNZTUJPTElDX0xJTktfRkxBR19ESVJFQ1RPUlk7CiAgICAgICAgICAgICAgICAgICAgZWxzZQogICAgICAgICAgICAgICAgICAgICAgICBsaW5rRmxhZ3MgPSBTWU1CT0xJQ19MSU5LX0ZMQUdfRklMRTsKCiAgICAgICAgICAgICAgICAgICAgaWYgKCFDcmVhdGVTeW1ib2xpY0xpbmsobGlua1BhdGgsIGxpbmtUYXJnZXQsIGxpbmtGbGFncykpCiAgICAgICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKFN0cmluZy5Gb3JtYXQoIkNyZWF0ZVN5bWJvbGljTGluayh7MH0sIHsxfSwgezJ9KSBmYWlsZWQiLCBsaW5rUGF0aCwgbGlua1RhcmdldCwgbGlua0ZsYWdzKSk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICBjYXNlIExpbmtUeXBlLkp1bmN0aW9uUG9pbnQ6CiAgICAgICAgICAgICAgICAgICAgQ3JlYXRlSnVuY3Rpb25Qb2ludChsaW5rUGF0aCwgbGlua1RhcmdldCk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICBjYXNlIExpbmtUeXBlLkhhcmRMaW5rOgogICAgICAgICAgICAgICAgICAgIGlmICghQ3JlYXRlSGFyZExpbmsobGlua1BhdGgsIGxpbmtUYXJnZXQsIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiQ3JlYXRlSGFyZExpbmsoezB9LCB7MX0pIGZhaWxlZCIsIGxpbmtQYXRoLCBsaW5rVGFyZ2V0KSk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgIH0KICAgICAgICB9CgogICAgICAgIHByaXZhdGUgc3RhdGljIExpbmtJbmZvIEdldEhhcmRMaW5rSW5mbyhzdHJpbmcgbGlua1BhdGgpCiAgICAgICAgewogICAgICAgICAgICBVSW50MzIgbWF4UGF0aCA9IDI2MDsKICAgICAgICAgICAgTGlzdDxzdHJpbmc+IHJlc3VsdCA9IG5ldyBMaXN0PHN0cmluZz4oKTsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgc2IgPSBuZXcgU3RyaW5nQnVpbGRlcigoaW50KW1heFBhdGgpOwogICAgICAgICAgICBVSW50MzIgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKICAgICAgICAgICAgaWYgKCFHZXRWb2x1bWVQYXRoTmFtZShsaW5rUGF0aCwgc2IsIHJlZiBzdHJpbmdMZW5ndGgpKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oIkdldFZvbHVtZVBhdGhOYW1lKCkgZmFpbGVkIik7CiAgICAgICAgICAgIHN0cmluZyB2b2x1bWUgPSBzYi5Ub1N0cmluZygpOwoKICAgICAgICAgICAgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKICAgICAgICAgICAgSW50UHRyIGZpbmRIYW5kbGUgPSBGaW5kRmlyc3RGaWxlTmFtZVcobGlua1BhdGgsIDAsIHJlZiBzdHJpbmdMZW5ndGgsIHNiKTsKICAgICAgICAgICAgaWYgKGZpbmRIYW5kbGUuVG9JbnQ2NCgpICE9IElOVkFMSURfSEFORExFX1ZBTFVFKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0cnkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBkbwogICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgICAgc3RyaW5nIGhhcmRMaW5rUGF0aCA9IHNiLlRvU3RyaW5nKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIGlmIChoYXJkTGlua1BhdGguU3RhcnRzV2l0aCgiXFwiKSkKICAgICAgICAgICAgICAgICAgICAgICAgICAgIGhhcmRMaW5rUGF0aCA9IGhhcmRMaW5rUGF0aC5TdWJzdHJpbmcoMSwgaGFyZExpbmtQYXRoLkxlbmd0aCAtIDEpOwoKICAgICAgICAgICAgICAgICAgICAgICAgcmVzdWx0LkFkZChQYXRoLkNvbWJpbmUodm9sdW1lLCBoYXJkTGlua1BhdGgpKTsKICAgICAgICAgICAgICAgICAgICAgICAgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKCiAgICAgICAgICAgICAgICAgICAgfSB3aGlsZSAoRmluZE5leHRGaWxlTmFtZVcoZmluZEhhbmRsZSwgcmVmIHN0cmluZ0xlbmd0aCwgc2IpKTsKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBGaW5kQ2xvc2UoZmluZEhhbmRsZSk7CiAgICAgICAgICAgICAgICB9ICAgICAgICAgICAgICAgIAogICAgICAgICAgICB9CgogICAgICAgICAgICBpZiAocmVzdWx0LkNvdW50ID4gMSkKICAgICAgICAgICAgICAgIHJldHVybiBuZXcgTGlua0luZm8KICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBUeXBlID0gTGlua1R5cGUuSGFyZExpbmssCiAgICAgICAgICAgICAgICAgICAgSGFyZFRhcmdldHMgPSByZXN1bHQuVG9BcnJheSgpCiAgICAgICAgICAgICAgICB9OwoKICAgICAgICAgICAgcmV0dXJuIG51bGw7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBMaW5rSW5mbyBHZXRSZXBhcnNlUG9pbnRJbmZvKHN0cmluZyBsaW5rUGF0aCkKICAgICAgICB7CiAgICAgICAgICAgIFNhZmVGaWxlSGFuZGxlIGZpbGVIYW5kbGUgPSBDcmVhdGVGaWxlKAogICAgICAgICAgICAgICAgbGlua1BhdGgsCiAgICAgICAgICAgICAgICBGaWxlQWNjZXNzLlJlYWQsCiAgICAgICAgICAgICAgICBGaWxlU2hhcmUuTm9uZSwKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgRmlsZU1vZGUuT3BlbiwKICAgICAgICAgICAgICAgIEZJTEVfRkxBR19PUEVOX1JFUEFSU0VfUE9JTlQgfCBGSUxFX0ZMQUdfQkFDS1VQX1NFTUFOVElDUywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKTsKCiAgICAgICAgICAgIGlmIChmaWxlSGFuZGxlLklzSW52YWxpZCkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKFN0cmluZy5Gb3JtYXQoIkNyZWF0ZUZpbGUoezB9KSBmYWlsZWQiLCBsaW5rUGF0aCkpOyAgICAgICAgICAgIAoKICAgICAgICAgICAgUkVQQVJTRV9EQVRBX0JVRkZFUiBidWZmZXIgPSBuZXcgUkVQQVJTRV9EQVRBX0JVRkZFUigpOwogICAgICAgICAgICBVSW50MzIgYnl0ZXNSZXR1cm5lZDsKICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGlmICghRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUsCiAgICAgICAgICAgICAgICAgICAgRlNDVExfR0VUX1JFUEFSU0VfUE9JTlQsCiAgICAgICAgICAgICAgICAgICAgSW50UHRyLlplcm8sCiAgICAgICAgICAgICAgICAgICAgMCwKICAgICAgICAgICAgICAgICAgICBvdXQgYnVmZmVyLAogICAgICAgICAgICAgICAgICAgIE1BWElNVU1fUkVQQVJTRV9EQVRBX0JVRkZFUl9TSVpFLAogICAgICAgICAgICAgICAgICAgIG91dCBieXRlc1JldHVybmVkLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJEZXZpY2VJb0NvbnRyb2woKSBmYWlsZWQgZm9yIGZpbGUgYXQgezB9IiwgbGlua1BhdGgpKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUuRGlzcG9zZSgpOwogICAgICAgICAgICB9CgogICAgICAgICAgICBib29sIGlzUmVsYXRpdmUgPSBmYWxzZTsKICAgICAgICAgICAgaW50IHBhdGhPZmZzZXQgPSAwOwogICAgICAgICAgICBMaW5rVHlwZSBsaW5rVHlwZTsKICAgICAgICAgICAgaWYgKGJ1ZmZlci5SZXBhcnNlVGFnID09IElPX1JFUEFSU0VfVEFHX1NZTUxJTkspCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFVJbnQzMiBidWZmZXJGbGFncyA9IENvbnZlcnQuVG9VSW50MzIoYnVmZmVyLlBhdGhCdWZmZXJbMF0pICsgQ29udmVydC5Ub1VJbnQzMihidWZmZXIuUGF0aEJ1ZmZlclsxXSk7CiAgICAgICAgICAgICAgICBpZiAoYnVmZmVyRmxhZ3MgPT0gU1lNTElOS19GTEFHX1JFTEFUSVZFKQogICAgICAgICAgICAgICAgICAgIGlzUmVsYXRpdmUgPSB0cnVlOwogICAgICAgICAgICAgICAgcGF0aE9mZnNldCA9IDI7CiAgICAgICAgICAgICAgICBsaW5rVHlwZSA9IExpbmtUeXBlLlN5bWJvbGljTGluazsKICAgICAgICAgICAgfQogICAgICAgICAgICBlbHNlIGlmIChidWZmZXIuUmVwYXJzZVRhZyA9PSBJT19SRVBBUlNFX1RBR19NT1VOVF9QT0lOVCkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgbGlua1R5cGUgPSBMaW5rVHlwZS5KdW5jdGlvblBvaW50OwogICAgICAgICAgICB9CiAgICAgICAgICAgIGVsc2UKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc3RyaW5nIGVycm9yTWVzc2FnZSA9IFN0cmluZy5Gb3JtYXQoIkludmFsaWQgUmVwYXJzZSBUYWc6IHswfSIsIGJ1ZmZlci5SZXBhcnNlVGFnLlRvU3RyaW5nKCkpOwogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEV4Y2VwdGlvbihlcnJvck1lc3NhZ2UpOwogICAgICAgICAgICB9CgogICAgICAgICAgICBzdHJpbmcgcHJpbnROYW1lID0gbmV3IHN0cmluZyhidWZmZXIuUGF0aEJ1ZmZlciwgKGludCkoYnVmZmVyLlByaW50TmFtZU9mZnNldCAvIFNJWkVfT0ZfV0NIQVIpICsgcGF0aE9mZnNldCwgKGludCkoYnVmZmVyLlByaW50TmFtZUxlbmd0aCAvIFNJWkVfT0 ScriptBlock ID: 1e831864-695c-40f8-a5c2-466113cd4702 Path:	4104	1		3	2	15	0	461	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4356	4440	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:08 PM	ca610e00-1c3c-0001-7e11-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 6): dGVQdHI7CiAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuTFVJRF9BTkRfQVRUUklCVVRFU1tdIG9sZFN0YXRlUHJpdmlsZWdlczsKICAgICAgICAgICAgVUludDMyIHJldHVybkxlbmd0aDsKCiAgICAgICAgICAgIGlmIChuZXdTdGF0ZSA9PSBudWxsKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBkaXNhYmxlQWxsUHJpdmlsZWdlcyA9IHRydWU7CiAgICAgICAgICAgICAgICBuZXdTdGF0ZVB0ciA9IEludFB0ci5aZXJvOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGVsc2UKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgZGlzYWJsZUFsbFByaXZpbGVnZXMgPSBmYWxzZTsKCiAgICAgICAgICAgICAgICAvLyBOZWVkIHRvIG1hbnVhbGx5IG1hcnNoYWwgdGhlIGJ5dGVzIHJlcXVpcmVzIGZvciBuZXdTdGF0ZSBhcyB0aGUgY29uc3RhbnQgc2l6ZQogICAgICAgICAgICAgICAgLy8gb2YgTFVJRF9BTkRfQVRUUklCVVRFUyBpcyBzZXQgdG8gMSBhbmQgY2FuJ3QgYmUgb3ZlcnJpZGRlbiBhdCBydW50aW1lLCBUT0tFTl9QUklWSUxFR0VTCiAgICAgICAgICAgICAgICAvLyBhbHdheXMgY29udGFpbnMgYXQgbGVhc3QgMSBlbnRyeSBzbyB3ZSBuZWVkIHRvIGNhbGN1bGF0ZSB0aGUgZXh0cmEgc2l6ZSBpZiB0aGVyZSBhcmUKICAgICAgICAgICAgICAgIC8vIG5vcmUgdGhhbiAxIExVSURfQU5EX0FUVFJJQlVURVMgZW50cnkKICAgICAgICAgICAgICAgIGludCB0b2tlblByaXZpbGVnZXNTaXplID0gTWFyc2hhbC5TaXplT2YodHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgaW50IGx1aWRBdHRyU2l6ZSA9IDA7CiAgICAgICAgICAgICAgICBpZiAobmV3U3RhdGUuTGVuZ3RoID4gMSkKICAgICAgICAgICAgICAgICAgICBsdWlkQXR0clNpemUgPSBNYXJzaGFsLlNpemVPZih0eXBlb2YoTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTKSkgKiAobmV3U3RhdGUuTGVuZ3RoIC0gMSk7CiAgICAgICAgICAgICAgICBpbnQgdG90YWxTaXplID0gdG9rZW5Qcml2aWxlZ2VzU2l6ZSArIGx1aWRBdHRyU2l6ZTsKICAgICAgICAgICAgICAgIGJ5dGVbXSBuZXdTdGF0ZUJ5dGVzID0gbmV3IGJ5dGVbdG90YWxTaXplXTsKCiAgICAgICAgICAgICAgICAvLyBnZXQgdGhlIGZpcnN0IGVudHJ5IHRoYXQgaW5jbHVkZXMgdGhlIHN0cnVjdCBkZXRhaWxzCiAgICAgICAgICAgICAgICBOYXRpdmVIZWxwZXJzLlRPS0VOX1BSSVZJTEVHRVMgdG9rZW5Qcml2aWxlZ2VzID0gbmV3IE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUygpCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgUHJpdmlsZWdlQ291bnQgPSAoVUludDMyKW5ld1N0YXRlLkxlbmd0aCwKICAgICAgICAgICAgICAgICAgICBQcml2aWxlZ2VzID0gbmV3IE5hdGl2ZUhlbHBlcnMuTFVJRF9BTkRfQVRUUklCVVRFU1sxXSwKICAgICAgICAgICAgICAgIH07CiAgICAgICAgICAgICAgICBpZiAobmV3U3RhdGUuTGVuZ3RoID4gMCkKICAgICAgICAgICAgICAgICAgICB0b2tlblByaXZpbGVnZXMuUHJpdmlsZWdlc1swXSA9IG5ld1N0YXRlWzBdOwogICAgICAgICAgICAgICAgaW50IG9mZnNldCA9IFN0cnVjdHVyZVRvQnl0ZXModG9rZW5Qcml2aWxlZ2VzLCBuZXdTdGF0ZUJ5dGVzLCAwKTsKCiAgICAgICAgICAgICAgICAvLyBjb3B5IHRoZSByZW1haW5pbmcgTFVJRF9BTkRfQVRUUklCVVRFUyAoaWYgYW55KQogICAgICAgICAgICAgICAgZm9yIChpbnQgaSA9IDE7IGkgPCBuZXdTdGF0ZS5MZW5ndGg7IGkrKykKICAgICAgICAgICAgICAgICAgICBvZmZzZXQgKz0gU3RydWN0dXJlVG9CeXRlcyhuZXdTdGF0ZVtpXSwgbmV3U3RhdGVCeXRlcywgb2Zmc2V0KTsKCiAgICAgICAgICAgICAgICAvLyBmaW5hbGx5IGNyZWF0ZSB0aGUgcG9pbnRlciB0byB0aGUgYnl0ZSBhcnJheSB3ZSBqdXN0IGNyZWF0ZWQKICAgICAgICAgICAgICAgIG5ld1N0YXRlUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwobmV3U3RhdGVCeXRlcy5MZW5ndGgpOwogICAgICAgICAgICAgICAgTWFyc2hhbC5Db3B5KG5ld1N0YXRlQnl0ZXMsIDAsIG5ld1N0YXRlUHRyLCBuZXdTdGF0ZUJ5dGVzLkxlbmd0aCk7CiAgICAgICAgICAgIH0KCiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBJbnRQdHIgaFRva2VuID0gSW50UHRyLlplcm87CiAgICAgICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuT3BlblByb2Nlc3NUb2tlbih0b2tlbiwgVG9rZW5BY2Nlc3NMZXZlbHMuUXVlcnkgfCBUb2tlbkFjY2Vzc0xldmVscy5BZGp1c3RQcml2aWxlZ2VzLCBvdXQgaFRva2VuKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIk9wZW5Qcm9jZXNzVG9rZW4oKSBmYWlsZWQgd2l0aCBRdWVyeSBhbmQgQWRqdXN0UHJpdmlsZWdlcyIpOwogICAgICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgSW50UHRyIG9sZFN0YXRlUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoMCk7CiAgICAgICAgICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkFkanVzdFRva2VuUHJpdmlsZWdlcyhoVG9rZW4sIGRpc2FibGVBbGxQcml2aWxlZ2VzLCBuZXdTdGF0ZVB0ciwgMCwgb2xkU3RhdGVQdHIsIG91dCByZXR1cm5MZW5ndGgpKQogICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIGlmIChlcnJDb2RlICE9IDEyMikgLy8gRVJST1JfSU5TVUZGSUNJRU5UX0JVRkZFUgogICAgICAgICAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKGVyckNvZGUsICJBZGp1c3RUb2tlblByaXZpbGVnZXMoKSBmYWlsZWQgdG8gZ2V0IG9sZCBzdGF0ZSBzaXplIik7CiAgICAgICAgICAgICAgICAgICAgfQoKICAgICAgICAgICAgICAgICAgICAvLyByZXNpemUgdGhlIG9sZFN0YXRlUHRyIGJhc2VkIG9uIHRoZSBsZW5ndGggcmV0dXJuZWQgZnJvbSBXaW5kb3dzCiAgICAgICAgICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChvbGRTdGF0ZVB0cik7CiAgICAgICAgICAgICAgICAgICAgb2xkU3RhdGVQdHIgPSBNYXJzaGFsLkFsbG9jSEdsb2JhbCgoaW50KXJldHVybkxlbmd0aCk7CiAgICAgICAgICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICBib29sIHJlcyA9IE5hdGl2ZU1ldGhvZHMuQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKGhUb2tlbiwgZGlzYWJsZUFsbFByaXZpbGVnZXMsIG5ld1N0YXRlUHRyLCByZXR1cm5MZW5ndGgsIG9sZFN0YXRlUHRyLCBvdXQgcmV0dXJuTGVuZ3RoKTsKICAgICAgICAgICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CgogICAgICAgICAgICAgICAgICAgICAgICAvLyBldmVuIHdoZW4gcmVzID09IHRydWUsIEVSUk9SX05PVF9BTExfQVNTSUdORUQgbWF5IGJlIHNldCBhcyB0aGUgbGFzdCBlcnJvciBjb2RlCiAgICAgICAgICAgICAgICAgICAgICAgIGlmICghcmVzIHx8IGVyckNvZGUgIT0gMCkKICAgICAgICAgICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbihlcnJDb2RlLCAiQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKCkgZmFpbGVkIik7CgogICAgICAgICAgICAgICAgICAgICAgICAvLyBNYXJzaGFsIHRoZSBvbGRTdGF0ZVB0ciB0byB0aGUgc3RydWN0CiAgICAgICAgICAgICAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUyBvbGRTdGF0ZSA9IChOYXRpdmVIZWxwZXJzLlRPS0VOX1BSSVZJTEVHRVMpTWFyc2hhbC5QdHJUb1N0cnVjdHVyZShvbGRTdGF0ZVB0ciwgdHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgICAgICAgICBvbGRTdGF0ZVByaXZpbGVnZXMgPSBuZXcgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW29sZFN0YXRlLlByaXZpbGVnZUNvdW50XTsKICAgICAgICAgICAgICAgICAgICAgICAgUHRyVG9TdHJ1Y3R1cmVBcnJheShvbGRTdGF0ZVByaXZpbGVnZXMsIEludFB0ci5BZGQob2xkU3RhdGVQdHIsIE1hcnNoYWwuU2l6ZU9mKG9sZFN0YXRlLlByaXZpbGVnZUNvdW50KSkpOwogICAgICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICBNYXJzaGFsLkZyZWVIR2xvYmFsKG9sZFN0YXRlUHRyKTsKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5DbG9zZUhhbmRsZShoVG9rZW4pOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgaWYgKG5ld1N0YXRlUHRyICE9IEludFB0ci5aZXJvKQogICAgICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwobmV3U3RhdGVQdHIpOwogICAgICAgICAgICB9CgogICAgICAgICAgICByZXR1cm4gb2xkU3RhdGVQcml2aWxlZ2VzLlRvRGljdGlvbmFyeShwID0+IEdldFByaXZpbGVnZU5hbWUocC5MdWlkKSwgcCA9PiAoYm9vbD8pcC5BdHRyaWJ1dGVzLkhhc0ZsYWcoUHJpdmlsZWdlQXR0cmlidXRlcy5FbmFibGVkKSk7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBzdHJpbmcgR2V0UHJpdmlsZWdlTmFtZShOYXRpdmVIZWxwZXJzLkxVSUQgbHVpZCkKICAgICAgICB7CiAgICAgICAgICAgIFVJbnQzMiBuYW1lTGVuID0gMDsKICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5Mb29rdXBQcml2aWxlZ2VOYW1lKG51bGwsIHJlZiBsdWlkLCBudWxsLCByZWYgbmFtZUxlbik7CgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIG5hbWUgPSBuZXcgU3RyaW5nQnVpbGRlcigoaW50KShuYW1lTGVuICsgMSkpOwogICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuTG9va3VwUHJpdmlsZWdlTmFtZShudWxsLCByZWYgbHVpZCwgbmFtZSwgcmVmIG5hbWVMZW4pKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJMb29rdXBQcml2aWxlZ2VOYW1lKCkgZmFpbGVkIik7CgogICAgICAgICAgICByZXR1cm4gbmFtZS5Ub1N0cmluZygpOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBQdHJUb1N0cnVjdHVyZUFycmF5PFQ+KFRbXSBhcnJheSwgSW50UHRyIHB0cikKICAgICAgICB7CiAgICAgICAgICAgIEludFB0ciBwdHJPZmZzZXQgPSBwdHI7CiAgICAgICAgICAgIGZvciAoaW50IGkgPSAwOyBpIDwgYXJyYXkuTGVuZ3RoOyBpKyssIHB0ck9mZnNldCA9IEludFB0ci5BZGQocHRyT2Zmc2V0LCBNYXJzaGFsLlNpemVPZih0eXBlb2YoVCkpKSkKICAgICAgICAgICAgICAgIGFycmF5W2ldID0gKFQpTWFyc2hhbC5QdHJUb1N0cnVjdHVyZShwdHJPZmZzZXQsIHR5cGVvZihUKSk7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBpbnQgU3RydWN0dXJlVG9CeXRlczxUPihUIHN0cnVjdHVyZSwgYnl0ZVtdIGFycmF5LCBpbnQgb2Zmc2V0KQogICAgICAgIHsKICAgICAgICAgICAgaW50IHNpemUgPSBNYXJzaGFsLlNpemVPZihzdHJ1Y3R1cmUpOwogICAgICAgICAgICBJbnRQdHIgc3RydWN0UHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoc2l6ZSk7CiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBNYXJzaGFsLlN0cnVjdHVyZVRvUHRyKHN0cnVjdHVyZSwgc3RydWN0UHRyLCBmYWxzZSk7CiAgICAgICAgICAgICAgICBNYXJzaGFsLkNvcHkoc3RydWN0UHRyLCBhcnJheSwgb2Zmc2V0LCBzaXplKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwoc3RydWN0UHRyKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgcmV0dXJuIHNpemU7CiAgICAgICAgfQogICAgfQp9CidACgpGdW5jdGlvbiBJbXBvcnQtUHJpdmlsZWdlVXRpbCB7CiAgICA8IwogICAgLlNZTk9QU0lTCiAgICBDb21waWxlcyB0aGUgQyMgY29kZSB0aGF0IGNhbiBiZSB1c2VkIHRvIG1hbmFnZSBXaW5kb3dzIHByaXZpbGVnZXMgZnJvbSBhbgogICAgQW5zaWJsZSBtb2R1bGUuIE9uY2UgdGhpcyBmdW5jdGlvbiBpcyBjYWxsZWQsIHRoZSBmb2xsb3dpbmcgUG93ZXJTaGVsbAogICAgY21kbGV0cyBjYW4gYmUgdXNlZDsKCiAgICAgICAgR2V0LUFuc2libGVQcml2aWxlZ2UKICAgICAgICBTZXQtQW5zaWJsZVByaXZpbGVnZQoKICAgIFRoZSBhYm92ZSBjbWRsZXRzIGdpdmUgdGhlIGFiaWxpdHkgdG8gbWFuYWdlIHBlcm1pc3Npb25zIG9uIHRoZSBjdXJyZW50CiAgICBwcm9jZXNzIHRva2VuIGJ1dCB0aGUgdW5kZXJseWluZyAuTkVUIGNsYXNzZXMgYXJlIGFsc28gZXhwb3NlZCBmb3IgZ3JlYXRlcgogICAgY29udHJvbC4gVGhlIGZvbGxvd2luZyBmdW5jdGlvbnMgY2FuIGJlIHVzZWQgYnkgY2FsbGluZyB0aGUgLk5FVCBjbGFzcwoKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkNoZWNrUHJpdmlsZWdlTmFtZSgkbmFtZSkKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkRpc2FibGVQcml2aWxlZ2UoJHByb2Nlc3MsICRuYW1lKQogICAgW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6RGlzYWJsZUFsbFByaXZpbGVnZXMoJHByb2Nlc3MpCiAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpFbmFibGVQcml2aWxlZ2UoJHByb2Nlc3MsICRuYW1lKQogICAgW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0QWxsUHJpdmlsZWdlSW5mbygkcHJvY2VzcykKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OlJlbW92ZVByaXZpbGVnZSgkcHJvY2VzcywgJG5hbWUpCiAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpTZXRUb2tlblByaXZpbGVnZXMoJHByb2Nlc3MsICRuZXdfc3RhdGUpCgogICAgSGVyZSBpcyBhIGJyaWVmIGV4cGxhbmF0aW9uIG9mIGVhY2ggdHlwZSBvZiBhcmcKICAgICRwcm9jZXNzID0gVGhlIHByb2Nlc3MgaGFuZGxlIHRvIG1hbmlwdWxhdGUsIHVzZSAnW0Fuc2libGUuUHJpdmlsZWdlVXRpbHMuUHJpdmlsZWdlc106OkdldEN1cnJlbnRQcm9jZXNzKCknIHRvIGdldCB0aGUgY3VycmVudCBwcm9jZXNzIGhhbmRsZQogICAgJG5hbWUgPSBUaGUgbmFtZSBvZiB0aGUgcHJpdmlsZWdlLCB0aGlzIGlzIHRoZSBjb25zdGFudCB2YWx1ZSBmcm9tIGh0dHBzOi8vZG9jcy5taWNyb3NvZnQuY29tL2VuLXVzL3dpbmRvd3MvZGVza3RvcC9TZWNBdXRoWi9wcml2aWxlZ2UtY29uc3RhbnRzLCBlLmcuIFNlQXVkaXRQcml2aWxlZ2UKICAgICRuZXdfc3RhdGUgPSAnU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuRGljdGlvbmFyeWAyW1tTeXN0ZW0uU3RyaW5nXSwgW1N5c3RlbS5OdWxsYWJsZWAxW1N5c3RlbS5Cb29sZWFuXV1dJwogICAgICAgIFRoZSBrZXkgaXMgdGhlIGNvbnN0YW50IG5hbWUgYXMgYSBzdHJpbmcsIHRoZSB2YWx1ZSBpcyBhIHRlcm5hcnkgYm9vbGVhbiB3aGVyZQogICAgICAgICAgICB0cnVlIC0gd2lsbCBlbmFibGUgdGhlIHByaXZpbGVnZQogICAgICAgICAgICBmYWxzZSAtIHdpbGwgZGlzYWJsZSB0aGUgcHJpdmlsZWdlCiAgICAgICAgICAgIG51bGwgLSB3aWxsIHJlbW92ZSB0aGUgcHJpdmlsZWdlCgogICAgRWFjaCBtZXRob2QgdGhhdCBjaGFuZ2VzIHRoZSBwcml2aWxlZ2Ugc3RhdGUgd2lsbCByZXR1cm4gYSBkaWN0aW9uYXJ5IHRoYXQKICAgIGNhbiBiZSB1c2VkIGFzIHRoZSAkbmV3X3N0YXRlIGFyZyBvZiBTZXRUb2tlblByaXZpbGVnZXMgdG8gdW5kbyBhbmQgcmV2ZXJ0CiAgICBiYWNrIHRvIHRoZSBvcmlnaW5hbCBzdGF0ZS4gSWYgeW91IHJlbW92ZSBhIHByaXZpbGVnZSB0aGVuIHRoaXMgaXMKICAgIGlycmV2ZXJzaWJsZSBhbmQgd29uJ3QgYmUgcGFydCBvZiB0aGUgcmV0dXJuZWQgZGljdAogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKCldCiAgICAjIGJ1aWxkIHRoZSBDIyBjb2RlIHRvIGNvbXBpbGUKICAgICRuYW1lc3BhY2VfaW1wb3J0ID0gKCRhbnNpYmxlX3ByaXZpbGVnZV91dGlsX25hbWVzcGFjZXMgfCBGb3JFYWNoLU9iamVjdCB7ICJ1c2luZyAkXzsiIH0pIC1qb2luICJgcmBuIgogICAgJHBsYXRmb3JtX3V0aWwgPSAiJG5hbWVzcGFjZV9pbXBvcnRgcmBuYHJgbiRhbnNpYmxlX3ByaXZpbGVnZV91dGlsX2NvZGUiCgogICAgIyBGVVRVUkU6IGZpbmQgYSBiZXR0ZXIgd2F5IHRvIGdldCB0aGUgX2Fuc2libGVfcmVtb3RlX3RtcCB2YXJpYWJsZQogICAgIyB0aGlzIGlzIHVzZWQgdG8gZm9yY2UgY3NjIHRvIGNvbXBpbGUgdGhlIEMjIGNvZGUgaW4gdGhlIHJlbW90ZSB0bXAKICAgICMgc3BlY2lmaWVkCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwbGF0Zm9ybV91dGlsCiAgICAkZW52OlRNUCA9ICRvcmlnaW5hbF90bXAKfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQcml2aWxlZ2UgewogICAgPCMKICAgIC5TWU5PUFNJUwogICAgR2V0IHRoZSBzdGF0dXMgb2YgYSBwcml2aWxlZ2UgZm9yIHRoZSBjdXJyZW50IHByb2Nlc3MuIFRoaXMgcmV0dXJucwogICAgICAgICR0cnVlIC0gdGhlIHByaXZpbGVnZSBpcyBlbmFibGVkCiAgICAgICAgJGZhbHNlIC0gdGhlIHByaXZpbGVnZSBpcyBkaXNhYmxlZAogICAgICAgICRudWxsIC0gdGhlIHByaXZpbGVnZSBpcyByZW1vdmVkIGZyb20gdGhlIHRva2VuCgogICAgSWYgTmFtZSBpcyBub3QgYSB2YWxpZCBwcml2aWxlZ2UgbmFtZSwgdGhpcyB3aWxsIHRocm93IGFuCiAgICBBcmd1bWVudEV4Y2VwdGlvbi4KCiAgICAuRVhBTVBMRQogICAgR2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgU2VEZWJ1Z1ByaXZpbGVnZQogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKCldCiAgICBwYXJhbSgKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW1N0cmluZ10kTmFtZQogICAgKQoKICAgIGlmICgtbm90IFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkNoZWNrUHJpdmlsZWdlTmFtZSgkTmFtZSkpIHsKICAgICAgICB0aHJvdyBbU3lzdGVtLkFyZ3VtZW50RXhjZXB0aW9uXSAiSW52YWxpZCBwcml2aWxlZ2UgbmFtZSAnJE5hbWUnIgogICAgfQoKICAgICRwcm9jZXNzX3Rva2VuID0gW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0Q3VycmVudFByb2Nlc3MoKQogICAgJHByaXZpbGVnZV9pbmZvID0gW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0QWxsUHJpdmlsZWdlSW5mbygkcHJvY2Vzc190b2tlbikKICAgIGlmICgkcHJpdmlsZWdlX2luZm8uQ29udGFpbnNLZXkoJE5hbWUpKSB7CiAgICAgICAgJHN0YXR1cyA9ICRwcml2aWxlZ2VfaW5mby4kTmFtZQogICAgICAgIHJldHVybiAkc3RhdHVzLkhhc0ZsYWcoW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VBdHRyaWJ1dGVzXTo6RW5hYmxlZCkKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRudWxsCiAgICB9Cn0KCkZ1bmN0aW9uIFNldC1BbnNpYmxlUHJpdmlsZWdlIHsKICAgIDwjCiAgICAuU1lOT1BTSVMKICAgIEVuYWJsZXMvRGlzYWJsZXMgYSBwcml2aWxlZ2Ugb24gdGhlIGN1cnJlbnQgcHJvY2VzcycgdG9rZW4uIElmIGEgcHJpdmlsZWdlCiAgICBoYXMgYmVlbiByZW1vdmVkIGZyb20gdGhlIHByb2Nlc3MgdG9rZW4sIHRoaXMgd2lsbCB0aHJvdyBhbgogICAgSW52YWxpZE9wZXJhdGlvbkV4Y2VwdGlvbi4KCiAgICAuRVhBTVBMRQogICAgIyBlbmFibGUgYSBwcml2aWxlZ2UKICAgIFNldC1BbnNpYmxlUHJpdmlsZWdlIC1OYW1lIFNlQ3JlYXRlU3ltYm9saWNMaW5rUHJpdmlsZWdlIC1WYWx1ZSAkdHJ1ZQoKICAgICMgZGlzYWJsZSBhIHByaXZpbGVnZQogICAgU2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgU2VDcmVhdGVTeW1ib2xpY0xpbmtQcml2aWxlZ2UgLVZhbHVlICRmYWxzZQogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKFN1cHBvcnRzU2hvdWxkUHJvY2VzcyldCiAgICBwYXJhbSgKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW1N0cmluZ10kTmFtZSwKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW2Jvb2xdJFZhbHVlCiAgICApCgogICAgJGFjdGlvbiA9IHN3aXRjaCgkVmFsdWUpIHsKICAgICAgICAkdHJ1ZSB7ICJFbmFibGUiIH0KICAgICAgICAkZmFsc2UgeyAiRGlzYWJsZSIgfQogICAgfQoKICAgICRjdXJyZW50X3N0YXRlID0gR2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgJE5hbWUKICAgIGlmICgkY3VycmVudF9zdGF0ZSAtZXEgJFZhbHVlKSB7CiAgICAgICAgcmV0dXJuICAjIG5vIGNoYW5nZSBuZWVkcyB0byBvY2N1cgogICAgfSBlbHNlaWYgKCRudWxsIC1lcSAkY3VycmVudF9zdGF0ZSkgewogICAgICAgICMgb25jZSBhIHByaXZpbGVnZSBpcyByZW1vdmVkIGZyb20gYSB0b2tlbiB3ZSBjYW5ub3QgZG8gYW55dGhpbmcgd2l0aCBpdAogICAgICAgIHRocm93IFtTeXN0ZW0uSW52YWxpZE9wZXJhdGlvbkV4Y2VwdGlvbl0gIkNhbm5vdCAkKCRhY3Rpb24uVG9Mb3dlcigpKSB0aGUgcHJpdmlsZWdlICckTmFtZScgYXMgaXQgaGFzIGJlZW4gcmVtb3ZlZCBmcm9tIHRoZSB0b2tlbiIKICAgIH0KCiAgICAkcHJvY2Vzc190b2tlbiA9IFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkdldEN1cnJlbnRQcm9jZXNzKCkKICAgIGlmICgkUFNDbWRsZXQuU2hvdWxkUHJvY2VzcygkTmFtZSwgIiRhY3Rpb24gdGhlIHByaXZpbGVnZSAkTmFtZSIpKSB7CiAgICAgICAgJG5ld19zdGF0ZSA9IE5ldy1PYmplY3QgLVR5cGVOYW1lICdTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5EaWN0aW9uYXJ5YDJbW1N5c3RlbS5TdHJpbmddLCBbU3lzdGVtLk51bGxhYmxlYDFbU3lzdGVtLkJvb2xlYW5dXV0nCiAgICAgICAgJG5ld19zdGF0ZS5BZGQoJE5hbWUsICRWYWx1ZSkKICAgICAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpTZXRUb2tlblByaXZpbGVnZXMoJHByb2Nlc3NfdG9rZW4sICRuZXdfc3RhdGUpID4gJG51bGwKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gSW1wb3J0LVByaXZpbGVnZVV0aWwsIEdldC1BbnNpYmxlUHJpdmlsZWdlLCBTZXQtQW5zaWJsZVByaXZpbGVnZSBgCiAgICAtVmFyaWFibGUgYW5zaWJsZV9wcml2aWxlZ2VfdXRpbF9uYW1lc3BhY2VzLCBhbnNpYmxlX3ByaXZpbGVnZV91dGlsX2NvZGU=", "Ansible.ModuleUtils.LinkUtil": "ICMgQ29weXJpZ2h0IChjKSAyMDE3IEFuc2libGUgUHJvamVjdAogIyBTaW1wbGlmaWVkIEJ ScriptBlock ID: 1e831864-695c-40f8-a5c2-466113cd4702 Path:	4104	1		3	2	15	0	460	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4356	4440	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:08 PM	ca610e00-1c3c-0001-7e11-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 6): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.PrivilegeUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTggQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiMgc3RvcmUgaW4gc2VwYXJhdGUgdmFyaWFibGVzIHRvIG1ha2UgaXQgZWFzaWVyIGZvciBvdGhlciBtb2R1bGVfdXRpbHMgdG8KIyBzaGFyZSB0aGlzIGNvZGUgaW4gdGhlaXIgb3duIGMjIGNvZGUKJGFuc2libGVfcHJpdmlsZWdlX3V0aWxfbmFtZXNwYWNlcyA9IEAoCiAgICAiTWljcm9zb2Z0LldpbjMyLlNhZmVIYW5kbGVzIiwKICAgICJTeXN0ZW0iLAogICAgIlN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljIiwKICAgICJTeXN0ZW0uTGlucSIsCiAgICAiU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzIiwKICAgICJTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsIiwKICAgICJTeXN0ZW0uVGV4dCIKKQoKJGFuc2libGVfcHJpdmlsZWdlX3V0aWxfY29kZSA9IEAnCm5hbWVzcGFjZSBBbnNpYmxlLlByaXZpbGVnZVV0aWwKewogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gUHJpdmlsZWdlQXR0cmlidXRlcyA6IHVpbnQKICAgIHsKICAgICAgICBEaXNhYmxlZCA9IDB4MDAwMDAwMDAsCiAgICAgICAgRW5hYmxlZEJ5RGVmYXVsdCA9IDB4MDAwMDAwMDEsCiAgICAgICAgRW5hYmxlZCA9IDB4MDAwMDAwMDIsCiAgICAgICAgUmVtb3ZlZCA9IDB4MDAwMDAwMDQsCiAgICAgICAgVXNlZEZvckFjY2VzcyA9IDB4ODAwMDAwMDAsCiAgICB9CgogICAgaW50ZXJuYWwgY2xhc3MgTmF0aXZlSGVscGVycwogICAgewogICAgICAgIFtTdHJ1Y3RMYXlvdXQoTGF5b3V0S2luZC5TZXF1ZW50aWFsKV0KICAgICAgICBpbnRlcm5hbCBzdHJ1Y3QgTFVJRAogICAgICAgIHsKICAgICAgICAgICAgcHVibGljIFVJbnQzMiBMb3dQYXJ0OwogICAgICAgICAgICBwdWJsaWMgSW50MzIgSGlnaFBhcnQ7CiAgICAgICAgfQoKICAgICAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCldCiAgICAgICAgaW50ZXJuYWwgc3RydWN0IExVSURfQU5EX0FUVFJJQlVURVMKICAgICAgICB7CiAgICAgICAgICAgIHB1YmxpYyBMVUlEIEx1aWQ7CiAgICAgICAgICAgIHB1YmxpYyBQcml2aWxlZ2VBdHRyaWJ1dGVzIEF0dHJpYnV0ZXM7CiAgICAgICAgfQoKICAgICAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCldCiAgICAgICAgaW50ZXJuYWwgc3RydWN0IFRPS0VOX1BSSVZJTEVHRVMKICAgICAgICB7CiAgICAgICAgICAgIHB1YmxpYyBVSW50MzIgUHJpdmlsZWdlQ291bnQ7CiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5CeVZhbEFycmF5LCBTaXplQ29uc3QgPSAxKV0KICAgICAgICAgICAgcHVibGljIExVSURfQU5EX0FUVFJJQlVURVNbXSBQcml2aWxlZ2VzOwogICAgICAgIH0KICAgIH0KCiAgICBpbnRlcm5hbCBjbGFzcyBOYXRpdmVNZXRob2RzCiAgICB7CiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIEFkanVzdFRva2VuUHJpdmlsZWdlcygKICAgICAgICAgICAgSW50UHRyIFRva2VuSGFuZGxlLAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuQm9vbCldIGJvb2wgRGlzYWJsZUFsbFByaXZpbGVnZXMsCiAgICAgICAgICAgIEludFB0ciBOZXdTdGF0ZSwKICAgICAgICAgICAgVUludDMyIEJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgSW50UHRyIFByZXZpb3VzU3RhdGUsCiAgICAgICAgICAgIG91dCBVSW50MzIgUmV0dXJuTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIENsb3NlSGFuZGxlKAogICAgICAgICAgICBJbnRQdHIgaE9iamVjdCk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyIildCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBTYWZlV2FpdEhhbmRsZSBHZXRDdXJyZW50UHJvY2VzcygpOwoKICAgICAgICBbRGxsSW1wb3J0KCJhZHZhcGkzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBpbnRlcm5hbCBzdGF0aWMgZXh0ZXJuIGJvb2wgR2V0VG9rZW5JbmZvcm1hdGlvbigKICAgICAgICAgICAgSW50UHRyIFRva2VuSGFuZGxlLAogICAgICAgICAgICBVSW50MzIgVG9rZW5JbmZvcm1hdGlvbkNsYXNzLAogICAgICAgICAgICBJbnRQdHIgVG9rZW5JbmZvcm1hdGlvbiwKICAgICAgICAgICAgVUludDMyIFRva2VuSW5mb3JtYXRpb25MZW5ndGgsCiAgICAgICAgICAgIG91dCBVSW50MzIgUmV0dXJuTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZU5hbWUoCiAgICAgICAgICAgIHN0cmluZyBscFN5c3RlbU5hbWUsCiAgICAgICAgICAgIHJlZiBOYXRpdmVIZWxwZXJzLkxVSUQgbHBMdWlkLAogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGxwTmFtZSwKICAgICAgICAgICAgcmVmIFVJbnQzMiBjY2hOYW1lKTsKCiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZVZhbHVlKAogICAgICAgICAgICBzdHJpbmcgbHBTeXN0ZW1OYW1lLAogICAgICAgICAgICBzdHJpbmcgbHBOYW1lLAogICAgICAgICAgICBvdXQgTmF0aXZlSGVscGVycy5MVUlEIGxwTHVpZCk7CgogICAgICAgIFtEbGxJbXBvcnQoImFkdmFwaTMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIGludGVybmFsIHN0YXRpYyBleHRlcm4gYm9vbCBPcGVuUHJvY2Vzc1Rva2VuKAogICAgICAgICAgICBTYWZlSGFuZGxlIFByb2Nlc3NIYW5kbGUsCiAgICAgICAgICAgIFRva2VuQWNjZXNzTGV2ZWxzIERlc2lyZWRBY2Nlc3MsCiAgICAgICAgICAgIG91dCBJbnRQdHIgVG9rZW5IYW5kbGUpOwogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBXaW4zMkV4Y2VwdGlvbiA6IFN5c3RlbS5Db21wb25lbnRNb2RlbC5XaW4zMkV4Y2VwdGlvbgogICAgewogICAgICAgIHByaXZhdGUgc3RyaW5nIF9tc2c7CiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KICAgICAgICBwdWJsaWMgV2luMzJFeGNlcHRpb24oaW50IGVycm9yQ29kZSwgc3RyaW5nIG1lc3NhZ2UpIDogYmFzZShlcnJvckNvZGUpCiAgICAgICAgewogICAgICAgICAgICBfbXNnID0gU3RyaW5nLkZvcm1hdCgiezB9ICh7MX0sIFdpbjMyRXJyb3JDb2RlIHsyfSkiLCBtZXNzYWdlLCBiYXNlLk1lc3NhZ2UsIGVycm9yQ29kZSk7CiAgICAgICAgfQogICAgICAgIHB1YmxpYyBvdmVycmlkZSBzdHJpbmcgTWVzc2FnZSB7IGdldCB7IHJldHVybiBfbXNnOyB9IH0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4cGxpY2l0IG9wZXJhdG9yIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSB7IHJldHVybiBuZXcgV2luMzJFeGNlcHRpb24obWVzc2FnZSk7IH0KICAgIH0KCiAgICBwdWJsaWMgY2xhc3MgUHJpdmlsZWdlcwogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIHJlYWRvbmx5IFVJbnQzMiBUT0tFTl9QUklWSUxFR0VTID0gMzsKCgogICAgICAgIHB1YmxpYyBzdGF0aWMgYm9vbCBDaGVja1ByaXZpbGVnZU5hbWUoc3RyaW5nIG5hbWUpCiAgICAgICAgewogICAgICAgICAgICBOYXRpdmVIZWxwZXJzLkxVSUQgbHVpZDsKICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkxvb2t1cFByaXZpbGVnZVZhbHVlKG51bGwsIG5hbWUsIG91dCBsdWlkKSkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CiAgICAgICAgICAgICAgICBpZiAoZXJyQ29kZSAhPSAxMzEzKSAgLy8gRVJST1JfTk9fU1VDSF9QUklWSUxFR0UKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oZXJyQ29kZSwgU3RyaW5nLkZvcm1hdCgiTG9va3VwUHJpdmlsZWdlVmFsdWUoezB9KSBmYWlsZWQiLCBuYW1lKSk7CiAgICAgICAgICAgICAgICByZXR1cm4gZmFsc2U7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgZWxzZQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICByZXR1cm4gdHJ1ZTsKICAgICAgICAgICAgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IERpc2FibGVQcml2aWxlZ2UoU2FmZUhhbmRsZSB0b2tlbiwgc3RyaW5nIHByaXZpbGVnZSkKICAgICAgICB7CiAgICAgICAgICAgIHJldHVybiBTZXRUb2tlblByaXZpbGVnZXModG9rZW4sIG5ldyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+KCkgeyB7IHByaXZpbGVnZSwgZmFsc2UgfSB9KTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PiBEaXNhYmxlQWxsUHJpdmlsZWdlcyhTYWZlSGFuZGxlIHRva2VuKQogICAgICAgIHsKICAgICAgICAgICAgcmV0dXJuIEFkanVzdFRva2VuUHJpdmlsZWdlcyh0b2tlbiwgbnVsbCk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIERpY3Rpb25hcnk8c3RyaW5nLCBib29sPz4gRW5hYmxlUHJpdmlsZWdlKFNhZmVIYW5kbGUgdG9rZW4sIHN0cmluZyBwcml2aWxlZ2UpCiAgICAgICAgewogICAgICAgICAgICByZXR1cm4gU2V0VG9rZW5Qcml2aWxlZ2VzKHRva2VuLCBuZXcgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PigpIHsgeyBwcml2aWxlZ2UsIHRydWUgfSB9KTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+IEdldEFsbFByaXZpbGVnZUluZm8oU2FmZUhhbmRsZSB0b2tlbikKICAgICAgICB7CiAgICAgICAgICAgIEludFB0ciBoVG9rZW4gPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLk9wZW5Qcm9jZXNzVG9rZW4odG9rZW4sIFRva2VuQWNjZXNzTGV2ZWxzLlF1ZXJ5LCBvdXQgaFRva2VuKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiT3BlblByb2Nlc3NUb2tlbigpIGZhaWxlZCIpOwoKICAgICAgICAgICAgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+IGluZm8gPSBuZXcgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+KCk7CiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBVSW50MzIgdG9rZW5MZW5ndGggPSAwOwogICAgICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5HZXRUb2tlbkluZm9ybWF0aW9uKGhUb2tlbiwgVE9LRU5fUFJJVklMRUdFUywgSW50UHRyLlplcm8sIDAsIG91dCB0b2tlbkxlbmd0aCk7CgogICAgICAgICAgICAgICAgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gcHJpdmlsZWdlczsKICAgICAgICAgICAgICAgIEludFB0ciBwcml2aWxlZ2VzUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoKGludCl0b2tlbkxlbmd0aCk7CiAgICAgICAgICAgICAgICB0cnkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuR2V0VG9rZW5JbmZvcm1hdGlvbihoVG9rZW4sIFRPS0VOX1BSSVZJTEVHRVMsIHByaXZpbGVnZXNQdHIsIHRva2VuTGVuZ3RoLCBvdXQgdG9rZW5MZW5ndGgpKQogICAgICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkdldFRva2VuSW5mb3JtYXRpb24oKSBmb3IgVE9LRU5fUFJJVklMRUdFUyBmYWlsZWQiKTsKCiAgICAgICAgICAgICAgICAgICAgTmF0aXZlSGVscGVycy5UT0tFTl9QUklWSUxFR0VTIHByaXZpbGVnZUluZm8gPSAoTmF0aXZlSGVscGVycy5UT0tFTl9QUklWSUxFR0VTKU1hcnNoYWwuUHRyVG9TdHJ1Y3R1cmUocHJpdmlsZWdlc1B0ciwgdHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgICAgIHByaXZpbGVnZXMgPSBuZXcgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW3ByaXZpbGVnZUluZm8uUHJpdmlsZWdlQ291bnRdOwogICAgICAgICAgICAgICAgICAgIFB0clRvU3RydWN0dXJlQXJyYXkocHJpdmlsZWdlcywgSW50UHRyLkFkZChwcml2aWxlZ2VzUHRyLCBNYXJzaGFsLlNpemVPZihwcml2aWxlZ2VJbmZvLlByaXZpbGVnZUNvdW50KSkpOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgZmluYWxseQogICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwocHJpdmlsZWdlc1B0cik7CiAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgaW5mbyA9IHByaXZpbGVnZXMuVG9EaWN0aW9uYXJ5KHAgPT4gR2V0UHJpdmlsZWdlTmFtZShwLkx1aWQpLCBwID0+IHAuQXR0cmlidXRlcyk7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgZmluYWxseQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBOYXRpdmVNZXRob2RzLkNsb3NlSGFuZGxlKGhUb2tlbik7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgcmV0dXJuIGluZm87CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIFNhZmVXYWl0SGFuZGxlIEdldEN1cnJlbnRQcm9jZXNzKCkKICAgICAgICB7CiAgICAgICAgICAgIHJldHVybiBOYXRpdmVNZXRob2RzLkdldEN1cnJlbnRQcm9jZXNzKCk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgUmVtb3ZlUHJpdmlsZWdlKFNhZmVIYW5kbGUgdG9rZW4sIHN0cmluZyBwcml2aWxlZ2UpCiAgICAgICAgewogICAgICAgICAgICBTZXRUb2tlblByaXZpbGVnZXModG9rZW4sIG5ldyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+KCkgeyB7IHByaXZpbGVnZSwgbnVsbCB9IH0pOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IFNldFRva2VuUHJpdmlsZWdlcyhTYWZlSGFuZGxlIHRva2VuLCBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IHN0YXRlKQogICAgICAgIHsKICAgICAgICAgICAgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gcHJpdmlsZWdlQXR0ciA9IG5ldyBOYXRpdmVIZWxwZXJzLkxVSURfQU5EX0FUVFJJQlVURVNbc3RhdGUuQ291bnRdOwogICAgICAgICAgICBpbnQgaSA9IDA7CgogICAgICAgICAgICBmb3JlYWNoIChLZXlWYWx1ZVBhaXI8c3RyaW5nLCBib29sPz4gZW50cnkgaW4gc3RhdGUpCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuTFVJRCBsdWlkOwogICAgICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkxvb2t1cFByaXZpbGVnZVZhbHVlKG51bGwsIGVudHJ5LktleSwgb3V0IGx1aWQpKQogICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJMb29rdXBQcml2aWxlZ2VWYWx1ZSh7MH0pIGZhaWxlZCIsIGVudHJ5LktleSkpOwoKICAgICAgICAgICAgICAgIFByaXZpbGVnZUF0dHJpYnV0ZXMgYXR0cmlidXRlczsKICAgICAgICAgICAgICAgIHN3aXRjaCAoZW50cnkuVmFsdWUpCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgY2FzZSB0cnVlOgogICAgICAgICAgICAgICAgICAgICAgICBhdHRyaWJ1dGVzID0gUHJpdmlsZWdlQXR0cmlidXRlcy5FbmFibGVkOwogICAgICAgICAgICAgICAgICAgICAgICBicmVhazsKICAgICAgICAgICAgICAgICAgICBjYXNlIGZhbHNlOgogICAgICAgICAgICAgICAgICAgICAgICBhdHRyaWJ1dGVzID0gUHJpdmlsZWdlQXR0cmlidXRlcy5EaXNhYmxlZDsKICAgICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICAgICAgZGVmYXVsdDoKICAgICAgICAgICAgICAgICAgICAgICAgYXR0cmlidXRlcyA9IFByaXZpbGVnZUF0dHJpYnV0ZXMuUmVtb3ZlZDsKICAgICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgcHJpdmlsZWdlQXR0cltpXS5MdWlkID0gbHVpZDsKICAgICAgICAgICAgICAgIHByaXZpbGVnZUF0dHJbaV0uQXR0cmlidXRlcyA9IGF0dHJpYnV0ZXM7CiAgICAgICAgICAgICAgICBpKys7CiAgICAgICAgICAgIH0KCiAgICAgICAgICAgIHJldHVybiBBZGp1c3RUb2tlblByaXZpbGVnZXModG9rZW4sIHByaXZpbGVnZUF0dHIpOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PiBBZGp1c3RUb2tlblByaXZpbGVnZXMoU2FmZUhhbmRsZSB0b2tlbiwgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gbmV3U3RhdGUpCiAgICAgICAgewogICAgICAgICAgICBib29sIGRpc2FibGVBbGxQcml2aWxlZ2VzOwogICAgICAgICAgICBJbnRQdHIgbmV3U3Rh ScriptBlock ID: 1e831864-695c-40f8-a5c2-466113cd4702 Path:	4104	1		3	2	15	0	459	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4356	4440	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:08 PM	ca610e00-1c3c-0001-7e11-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	458	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4356	4360	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:08 PM	ca610e00-1c3c-0005-e210-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4356 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	457	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4356	4428	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:08 PM	ca610e00-1c3c-0005-e210-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	456	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4356	4360	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:08 PM	ca610e00-1c3c-0005-e210-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	455	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4240	4244	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:08 PM	ca610e00-1c3c-0000-1911-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4240 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	454	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4240	4312	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:07 PM	ca610e00-1c3c-0000-1911-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	453	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4240	4244	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:07 PM	ca610e00-1c3c-0000-1911-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	452	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4152	4156	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:07 PM	ca610e00-1c3c-0004-1511-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4152 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	451	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4152	4224	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:07 PM	ca610e00-1c3c-0004-1511-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	450	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4152	4156	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:07 PM	ca610e00-1c3c-0004-1511-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	449	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1232	2160	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:07 PM	ca610e00-1c3c-0002-7911-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1232 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	448	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1232	4108	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:07 PM	ca610e00-1c3c-0002-7911-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	447	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1232	2160	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:07 PM	ca610e00-1c3c-0002-7911-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	446	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1800	3640	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:07 PM	ca610e00-1c3c-0004-0d11-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1800 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	445	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1800	1576	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:07 PM	ca610e00-1c3c-0004-0d11-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	444	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1800	3640	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:07 PM	ca610e00-1c3c-0004-0d11-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2015, Jon Hawkesworth (@jhawkesworth) <figs@unity.demon.co.uk> # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = 'Stop' $params = Parse-Args -arguments $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false $diff_mode = Get-AnsibleParam -obj $params -name "_ansible_diff" -type "bool" -default $false # there are 4 modes to win_copy which are driven by the action plugins: # explode: src is a zip file which needs to be extracted to dest, for use with multiple files # query: win_copy action plugin wants to get the state of remote files to check whether it needs to send them # remote: all copy action is happening remotely (remote_src=True) # single: a single file has been copied, also used with template $copy_mode = Get-AnsibleParam -obj $params -name "_copy_mode" -type "str" -default "single" -validateset "explode","query","remote","single" # used in explode, remote and single mode $src = Get-AnsibleParam -obj $params -name "src" -type "path" -failifempty ($copy_mode -in @("explode","process","single")) $dest = Get-AnsibleParam -obj $params -name "dest" -type "path" -failifempty $true # used in single mode $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" # used in query and remote mode $force = Get-AnsibleParam -obj $params -name "force" -type "bool" -default $true # used in query mode, contains the local files/directories/symlinks that are to be copied $files = Get-AnsibleParam -obj $params -name "files" -type "list" $directories = Get-AnsibleParam -obj $params -name "directories" -type "list" $symlinks = Get-AnsibleParam -obj $params -name "symlinks" -type "list" $result = @{ changed = $false } if ($diff_mode) { $result.diff = @{} } Function Copy-File($source, $dest) { $diff = "" $copy_file = $false $source_checksum = $null if ($force) { $source_checksum = Get-FileChecksum -path $source } if (Test-Path -Path $dest -PathType Container) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': dest is already a folder" } elseif (Test-Path -Path $dest -PathType Leaf) { if ($force) { $target_checksum = Get-FileChecksum -path $dest if ($source_checksum -ne $target_checksum) { $copy_file = $true } } } else { $copy_file = $true } if ($copy_file) { $file_dir = [System.IO.Path]::GetDirectoryName($dest) # validate the parent dir is not a file and that it exists if (Test-Path -Path $file_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } elseif (-not (Test-Path -Path $file_dir)) { # directory doesn't exist, need to create New-Item -Path $file_dir -ItemType Directory -WhatIf:$check_mode | Out-Null $diff += "+$file_dir\`n" } if (Test-Path -Path $dest -PathType Leaf) { Remove-Item -Path $dest -Force -Recurse -WhatIf:$check_mode | Out-Null $diff += "-$dest`n" } if (-not $check_mode) { # cannot run with -WhatIf:$check_mode as if the parent dir didn't # exist and was created above would still not exist in check mode Copy-Item -Path $source -Destination $dest -Force | Out-Null } $diff += "+$dest`n" $result.changed = $true } # ugly but to save us from running the checksum twice, let's return it for # the main code to add it to $result return ,@{ diff = $diff; checksum = $source_checksum } } Function Copy-Folder($source, $dest) { $diff = "" $copy_folder = $false if (-not (Test-Path -Path $dest -PathType Container)) { $parent_dir = [System.IO.Path]::GetDirectoryName($dest) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } if (Test-Path -Path $dest -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder from '$source' to '$dest': dest is already a file" } New-Item -Path $dest -ItemType Container -WhatIf:$check_mode | Out-Null $diff += "+$dest\`n" $result.changed = $true } $child_items = Get-ChildItem -Path $source -Force foreach ($child_item in $child_items) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_item.Name if ($child_item.PSIsContainer) { $diff += (Copy-Folder -source $child_item.Fullname -dest $dest_child_path) } else { $diff += (Copy-File -source $child_item.Fullname -dest $dest_child_path).diff } } return $diff } Function Get-FileSize($path) { $file = Get-Item -Path $path -Force $size = $null if ($file.PSIsContainer) { $dir_files_sum = Get-ChildItem $file.FullName -Recurse if ($dir_files_sum -eq $null -or ($dir_files_sum.PSObject.Properties.name -contains 'length' -eq $false)) { $size = 0 } else { $size = ($dir_files_sum | Measure-Object -property length -sum).Sum } } else { $size = $file.Length } $size } Function Extract-Zip($src, $dest) { $archive = [System.IO.Compression.ZipFile]::Open($src, [System.IO.Compression.ZipArchiveMode]::Read, [System.Text.Encoding]::UTF8) foreach ($entry in $archive.Entries) { $archive_name = $entry.FullName # FullName may be appended with / or \, determine if it is padded and remove it $padding_length = $archive_name.Length % 4 if ($padding_length -eq 0) { $is_dir = $false $base64_name = $archive_name } elseif ($padding_length -eq 1) { $is_dir = $true if ($archive_name.EndsWith("/") -or $archive_name.EndsWith("`\")) { $base64_name = $archive_name.Substring(0, $archive_name.Length - 1) } else { throw "invalid base64 archive name '$archive_name'" } } else { throw "invalid base64 length '$archive_name'" } # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_name = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($base64_name)) # re-add the / to the entry full name if it was a directory if ($is_dir) { $decoded_archive_name = "$decoded_archive_name/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_name) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false) { if (-not $check_mode) { [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry, $entry_target_path, $true) } } } $archive.Dispose() # release the handle of the zip file } Function Extract-ZipLegacy($src, $dest) { if (-not (Test-Path -Path $dest)) { New-Item -Path $dest -ItemType Directory -WhatIf:$check_mode | Out-Null } $shell = New-Object -ComObject Shell.Application $zip = $shell.NameSpace($src) $dest_path = $shell.NameSpace($dest) foreach ($entry in $zip.Items()) { $is_dir = $entry.IsFolder $encoded_archive_entry = $entry.Name # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_entry = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($encoded_archive_entry)) if ($is_dir) { $decoded_archive_entry = "$decoded_archive_entry/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_entry) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false -and (-not $check_mode)) { # https://msdn.microsoft.com/en-us/library/windows/desktop/bb787866.aspx # From Folder.CopyHere documentation, 1044 means: # - 1024: do not display a user interface if an error occurs # - 16: respond with "yes to all" for any dialog box that is displayed # - 4: do not display a progress dialog box $dest_path.CopyHere($entry, 1044) # once file is extraced, we need to rename it with non base64 name $combined_encoded_path = [System.IO.Path]::Combine($dest, $encoded_archive_entry) Move-Item -Path $combined_encoded_path -Destination $entry_target_path -Force | Out-Null } } } if ($copy_mode -eq "query") { # we only return a list of files/directories that need to be copied over # the source of the local file will be the key used $changed_files = @() $changed_directories = @() $changed_symlinks = @() foreach ($file in $files) { $filename = $file.dest $local_checksum = $file.checksum $filepath = Join-Path -Path $dest -ChildPath $filename if (Test-Path -Path $filepath -PathType Leaf) { if ($force) { $checksum = Get-FileChecksum -path $filepath if ($checksum -ne $local_checksum) { $will_change = $true $changed_files += $file } } } elseif (Test-Path -Path $filepath -PathType Container) { Fail-Json -obj $result -message "cannot copy file to dest '$filepath': object at path is already a directory" } else { $changed_files += $file } } foreach ($directory in $directories) { $dirname = $directory.dest $dirpath = Join-Path -Path $dest -ChildPath $dirname $parent_dir = [System.IO.Path]::GetDirectoryName($dirpath) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at parent directory path is already a file" } if (Test-Path -Path $dirpath -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at path is already a file" } elseif (-not (Test-Path -Path $dirpath -PathType Container)) { $changed_directories += $directory } } # TODO: Handle symlinks $result.files = $changed_files $result.directories = $changed_directories $result.symlinks = $changed_symlinks } elseif ($copy_mode -eq "explode") { # a single zip file containing the files and directories needs to be # expanded this will always result in a change as the calculation is done # on the win_copy action plugin and is only run if a change needs to occur if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot expand src zip file: '$src' as it does not exist" } # Detect if the PS zip assemblies are available or whether to use Shell $use_legacy = $false try { Add-Type -AssemblyName System.IO.Compression.FileSystem | Out-Null Add-Type -AssemblyName System.IO.Compression | Out-Null } catch { $use_legacy = $true } if ($use_legacy) { Extract-ZipLegacy -src $src -dest $dest } else { Extract-Zip -src $src -dest $dest } $result.changed = $true } elseif ($copy_mode -eq "remote") { # all copy actions are happening on the remote side (windows host), need # too copy source and dest using PS code $result.src = $src $result.dest = $dest if (-not (Test-Path -Path $src)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } if (Test-Path -Path $src -PathType Container) { # we are copying a directory or the contents of a directory $result.operation = 'folder_copy' if ($src.EndsWith("/") -or $src.EndsWith("`\")) { # copying the folder's contents to dest $diff = "" $child_files = Get-ChildItem -Path $src -Force foreach ($child_file in $child_files) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_file.Name if ($child_file.PSIsContainer) { $diff += Copy-Folder -source $child_file.FullName -dest $dest_child_path } else { $diff += (Copy-File -source $child_file.FullName -dest $dest_child_path).diff } } } else { # copying the folder and it's contents to dest $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest $diff = Copy-Folder -source $src -dest $dest } } else { # we are just copying a single file to dest $result.operation = 'file_copy' $source_basename = (Get-Item -Path $src -Force).Name $result.original_basename = $source_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\")) { $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest } else { # check if the parent dir exists, this is only done if src is a # file and dest if the path to a file (doesn't end with \ or /) $parent_dir = Split-Path -Path $dest if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } $copy_result = Copy-File -source $src -dest $dest $diff = $copy_result.diff $result.checksum = $copy_result.checksum } # the file might not exist if running in check mode if (-not $check_mode -or (Test-Path -Path $dest -PathType Leaf)) { $result.size = Get-FileSize -path $dest } else { $result.size = $null } if ($diff_mode) { $result.diff.prepared = $diff } } elseif ($copy_mode -eq "single") { # a single file is located in src and we need to copy to dest, this will # always result in a change as the calculation is done on the Ansible side # before this is run. This should also never run in check mode if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } # the dest parameter is a directory, we need to append original_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\") -or (Test-Path -Path $dest -PathType Container)) { $remote_dest = Join-Path -Path $dest -ChildPath $original_basename $parent_dir = Split-Path -Path $remote_dest # when dest ends with /, we need to create the destination directories if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { New-Item -Path $parent_dir -ItemType Directory | Out-Null } } else { $remote_dest = $dest $parent_dir = Split-Path -Path $remote_dest # check if the dest parent dirs exist, need to fail if they don't if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } Copy-Item -Path $src -Destination $remote_dest -Force | Out-Null $result.changed = $true } Exit-Json -obj $result ScriptBlock ID: 2540da3e-4a2c-44f8-9ae2-84268bf513b6 Path:	4104	1		3	2	15	0	443	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2140	1260	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:06 PM	ca610e00-1c3c-0002-5711-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 300d6d8c-8585-4792-ac20-a8b3aa91c76f Path:	4104	1		3	2	15	0	442	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2140	4064	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:06 PM	ca610e00-1c3c-0002-4a11-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: be8ab176-064e-4817-b965-52d0df12b482 Path:	4104	1		3	2	15	0	441	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2140	4064	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:06 PM	ca610e00-1c3c-0002-4511-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): LWRlc3QgJGRlc3RfY2hpbGRfcGF0aAogICAgICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIgYW5kIGl0J3MgY29udGVudHMgdG8gZGVzdAogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgICAgICAkZGlmZiA9IENvcHktRm9sZGVyIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgIyB3ZSBhcmUganVzdCBjb3B5aW5nIGEgc2luZ2xlIGZpbGUgdG8gZGVzdAogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZpbGVfY29weScKCiAgICAgICAgJHNvdXJjZV9iYXNlbmFtZSA9IChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICRyZXN1bHQub3JpZ2luYWxfYmFzZW5hbWUgPSAkc291cmNlX2Jhc2VuYW1lCgogICAgICAgIGlmICgkZGVzdC5FbmRzV2l0aCgiLyIpIC1vciAkZGVzdC5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICMgY2hlY2sgaWYgdGhlIHBhcmVudCBkaXIgZXhpc3RzLCB0aGlzIGlzIG9ubHkgZG9uZSBpZiBzcmMgaXMgYQogICAgICAgICAgICAjIGZpbGUgYW5kIGRlc3QgaWYgdGhlIHBhdGggdG8gYSBmaWxlIChkb2Vzbid0IGVuZCB3aXRoIFwgb3IgLykKICAgICAgICAgICAgJHBhcmVudF9kaXIgPSBTcGxpdC1QYXRoIC1QYXRoICRkZXN0CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRGVzdGluYXRpb24gZGlyZWN0b3J5ICckcGFyZW50X2RpcicgZG9lcyBub3QgZXhpc3QiCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgJGNvcHlfcmVzdWx0ID0gQ29weS1GaWxlIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgICRkaWZmID0gJGNvcHlfcmVzdWx0LmRpZmYKICAgICAgICAkcmVzdWx0LmNoZWNrc3VtID0gJGNvcHlfcmVzdWx0LmNoZWNrc3VtCiAgICB9CgogICAgIyB0aGUgZmlsZSBtaWdodCBub3QgZXhpc3QgaWYgcnVubmluZyBpbiBjaGVjayBtb2RlCiAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSAtb3IgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikpIHsKICAgICAgICAkcmVzdWx0LnNpemUgPSBHZXQtRmlsZVNpemUgLXBhdGggJGRlc3QKICAgIH0gZWxzZSB7CiAgICAgICAgJHJlc3VsdC5zaXplID0gJG51bGwKICAgIH0KICAgIGlmICgkZGlmZl9tb2RlKSB7CiAgICAgICAgJHJlc3VsdC5kaWZmLnByZXBhcmVkID0gJGRpZmYKICAgIH0KfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJzaW5nbGUiKSB7CiAgICAjIGEgc2luZ2xlIGZpbGUgaXMgbG9jYXRlZCBpbiBzcmMgYW5kIHdlIG5lZWQgdG8gY29weSB0byBkZXN0LCB0aGlzIHdpbGwKICAgICMgYWx3YXlzIHJlc3VsdCBpbiBhIGNoYW5nZSBhcyB0aGUgY2FsY3VsYXRpb24gaXMgZG9uZSBvbiB0aGUgQW5zaWJsZSBzaWRlCiAgICAjIGJlZm9yZSB0aGlzIGlzIHJ1bi4gVGhpcyBzaG91bGQgYWxzbyBuZXZlciBydW4gaW4gY2hlY2sgbW9kZQogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBMZWFmKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgIyB0aGUgZGVzdCBwYXJhbWV0ZXIgaXMgYSBkaXJlY3RvcnksIHdlIG5lZWQgdG8gYXBwZW5kIG9yaWdpbmFsX2Jhc2VuYW1lCiAgICBpZiAoJGRlc3QuRW5kc1dpdGgoIi8iKSAtb3IgJGRlc3QuRW5kc1dpdGgoImBcIikgLW9yIChUZXN0LVBhdGggLVBhdGggJGRlc3QgLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAkcmVtb3RlX2Rlc3QgPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkb3JpZ2luYWxfYmFzZW5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgd2hlbiBkZXN0IGVuZHMgd2l0aCAvLCB3ZSBuZWVkIHRvIGNyZWF0ZSB0aGUgZGVzdGluYXRpb24gZGlyZWN0b3JpZXMKICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXJlbnRfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHJlbW90ZV9kZXN0ID0gJGRlc3QKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgY2hlY2sgaWYgdGhlIGRlc3QgcGFyZW50IGRpcnMgZXhpc3QsIG5lZWQgdG8gZmFpbCBpZiB0aGV5IGRvbid0CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJvYmplY3QgYXQgZGVzdGluYXRpb24gcGFyZW50IGRpciAnJHBhcmVudF9kaXInIGlzIGN1cnJlbnRseSBhIGZpbGUiCiAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJEZXN0aW5hdGlvbiBkaXJlY3RvcnkgJyRwYXJlbnRfZGlyJyBkb2VzIG5vdCBleGlzdCIKICAgICAgICB9CiAgICB9CgogICAgQ29weS1JdGVtIC1QYXRoICRzcmMgLURlc3RpbmF0aW9uICRyZW1vdGVfZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKfQoKRXhpdC1Kc29uIC1vYmogJHJlc3VsdAo=", "module_args": {"_ansible_version": "2.7.0", "src": "C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1644250263.23-132127060783458\\source", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "dest": "C:\\eventlogjs.txt", "checksum": "3d83b7bd9b4b6f109f75affd8ae845d7acd9808d", "_ansible_module_name": "copy", "_ansible_debug": false, "_ansible_verbosity": 3, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_original_basename": "eventlogjs.txt", "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "mode": null, "_ansible_check_mode": false, "_ansible_shell_executable": "/bin/sh", "follow": false, "_ansible_tmpdir": "'C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1644250263.23-132127060783458'"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 161ded1b-493d-4595-befd-695fef5bb622 Path:	4104	1		3	2	15	0	440	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2140	4064	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:05 PM	ca610e00-1c3c-0002-3f11-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): CAgICAgICAgICRkaWZmICs9ICItJGRlc3RgbiIKICAgICAgICB9CgogICAgICAgIGlmICgtbm90ICRjaGVja19tb2RlKSB7CiAgICAgICAgICAgICMgY2Fubm90IHJ1biB3aXRoIC1XaGF0SWY6JGNoZWNrX21vZGUgYXMgaWYgdGhlIHBhcmVudCBkaXIgZGlkbid0CiAgICAgICAgICAgICMgZXhpc3QgYW5kIHdhcyBjcmVhdGVkIGFib3ZlIHdvdWxkIHN0aWxsIG5vdCBleGlzdCBpbiBjaGVjayBtb2RlCiAgICAgICAgICAgIENvcHktSXRlbSAtUGF0aCAkc291cmNlIC1EZXN0aW5hdGlvbiAkZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgICAgICAkZGlmZiArPSAiKyRkZXN0YG4iCgogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgIyB1Z2x5IGJ1dCB0byBzYXZlIHVzIGZyb20gcnVubmluZyB0aGUgY2hlY2tzdW0gdHdpY2UsIGxldCdzIHJldHVybiBpdCBmb3IKICAgICMgdGhlIG1haW4gY29kZSB0byBhZGQgaXQgdG8gJHJlc3VsdAogICAgcmV0dXJuICxAeyBkaWZmID0gJGRpZmY7IGNoZWNrc3VtID0gJHNvdXJjZV9jaGVja3N1bSB9Cn0KCkZ1bmN0aW9uIENvcHktRm9sZGVyKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9mb2xkZXIgPSAkZmFsc2UKCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgJHBhcmVudF9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRkZXN0KQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgZnJvbSAnJHNvdXJjZScgdG8gJyRkZXN0JzogZGVzdCBpcyBhbHJlYWR5IGEgZmlsZSIKICAgICAgICB9CgogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBDb250YWluZXIgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgJGRpZmYgKz0gIiskZGVzdFxgbiIKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQoKICAgICRjaGlsZF9pdGVtcyA9IEdldC1DaGlsZEl0ZW0gLVBhdGggJHNvdXJjZSAtRm9yY2UKICAgIGZvcmVhY2ggKCRjaGlsZF9pdGVtIGluICRjaGlsZF9pdGVtcykgewogICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfaXRlbS5OYW1lCiAgICAgICAgaWYgKCRjaGlsZF9pdGVtLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgJGRpZmYgKz0gKENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgIH0KICAgIH0KCiAgICByZXR1cm4gJGRpZmYKfQoKRnVuY3Rpb24gR2V0LUZpbGVTaXplKCRwYXRoKSB7CiAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRwYXRoIC1Gb3JjZQogICAgJHNpemUgPSAkbnVsbAogICAgaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAkZGlyX2ZpbGVzX3N1bSA9IEdldC1DaGlsZEl0ZW0gJGZpbGUuRnVsbE5hbWUgLVJlY3Vyc2UKICAgICAgICBpZiAoJGRpcl9maWxlc19zdW0gLWVxICRudWxsIC1vciAoJGRpcl9maWxlc19zdW0uUFNPYmplY3QuUHJvcGVydGllcy5uYW1lIC1jb250YWlucyAnbGVuZ3RoJyAtZXEgJGZhbHNlKSkgewogICAgICAgICAgICAkc2l6ZSA9IDAKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkc2l6ZSA9ICgkZGlyX2ZpbGVzX3N1bSB8IE1lYXN1cmUtT2JqZWN0IC1wcm9wZXJ0eSBsZW5ndGggLXN1bSkuU3VtCiAgICAgICAgfQogICAgfSBlbHNlIHsKICAgICAgICAkc2l6ZSA9ICRmaWxlLkxlbmd0aAogICAgfQoKICAgICRzaXplCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwKCRzcmMsICRkZXN0KSB7CiAgICAkYXJjaGl2ZSA9IFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZV06Ok9wZW4oJHNyYywgW1N5c3RlbS5JTy5Db21wcmVzc2lvbi5aaXBBcmNoaXZlTW9kZV06OlJlYWQsIFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjgpCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJGFyY2hpdmUuRW50cmllcykgewogICAgICAgICRhcmNoaXZlX25hbWUgPSAkZW50cnkuRnVsbE5hbWUKCiAgICAgICAgIyBGdWxsTmFtZSBtYXkgYmUgYXBwZW5kZWQgd2l0aCAvIG9yIFwsIGRldGVybWluZSBpZiBpdCBpcyBwYWRkZWQgYW5kIHJlbW92ZSBpdAogICAgICAgICRwYWRkaW5nX2xlbmd0aCA9ICRhcmNoaXZlX25hbWUuTGVuZ3RoICUgNAogICAgICAgIGlmICgkcGFkZGluZ19sZW5ndGggLWVxIDApIHsKICAgICAgICAgICAgJGlzX2RpciA9ICRmYWxzZQogICAgICAgICAgICAkYmFzZTY0X25hbWUgPSAkYXJjaGl2ZV9uYW1lCiAgICAgICAgfSBlbHNlaWYgKCRwYWRkaW5nX2xlbmd0aCAtZXEgMSkgewogICAgICAgICAgICAkaXNfZGlyID0gJHRydWUKICAgICAgICAgICAgaWYgKCRhcmNoaXZlX25hbWUuRW5kc1dpdGgoIi8iKSAtb3IgJGFyY2hpdmVfbmFtZS5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAgICAgJGJhc2U2NF9uYW1lID0gJGFyY2hpdmVfbmFtZS5TdWJzdHJpbmcoMCwgJGFyY2hpdmVfbmFtZS5MZW5ndGggLSAxKQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgdGhyb3cgImludmFsaWQgYmFzZTY0IGFyY2hpdmUgbmFtZSAnJGFyY2hpdmVfbmFtZSciCiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2UgewogICAgICAgICAgICB0aHJvdyAiaW52YWxpZCBiYXNlNjQgbGVuZ3RoICckYXJjaGl2ZV9uYW1lJyIKICAgICAgICB9CgogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGJhc2U2NF9uYW1lKSkKICAgICAgICAjIHJlLWFkZCB0aGUgLyB0byB0aGUgZW50cnkgZnVsbCBuYW1lIGlmIGl0IHdhcyBhIGRpcmVjdG9yeQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9ICIkZGVjb2RlZF9hcmNoaXZlX25hbWUvIgogICAgICAgIH0KICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX25hbWUpCiAgICAgICAgJGVudHJ5X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGVudHJ5X3RhcmdldF9wYXRoKQoKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRlbnRyeV9kaXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRlbnRyeV9kaXIgLUl0ZW1UeXBlIERpcmVjdG9yeSAtV2hhdElmOiRjaGVja19tb2RlIHwgT3V0LU51bGwKICAgICAgICB9CgogICAgICAgIGlmICgkaXNfZGlyIC1lcSAkZmFsc2UpIHsKICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrX21vZGUpIHsKICAgICAgICAgICAgICAgIFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZUV4dGVuc2lvbnNdOjpFeHRyYWN0VG9GaWxlKCRlbnRyeSwgJGVudHJ5X3RhcmdldF9wYXRoLCAkdHJ1ZSkKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KICAgICRhcmNoaXZlLkRpc3Bvc2UoKSAgIyByZWxlYXNlIHRoZSBoYW5kbGUgb2YgdGhlIHppcCBmaWxlCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwTGVnYWN5KCRzcmMsICRkZXN0KSB7CiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0KSkgewogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICB9CiAgICAkc2hlbGwgPSBOZXctT2JqZWN0IC1Db21PYmplY3QgU2hlbGwuQXBwbGljYXRpb24KICAgICR6aXAgPSAkc2hlbGwuTmFtZVNwYWNlKCRzcmMpCiAgICAkZGVzdF9wYXRoID0gJHNoZWxsLk5hbWVTcGFjZSgkZGVzdCkKCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJHppcC5JdGVtcygpKSB7CiAgICAgICAgJGlzX2RpciA9ICRlbnRyeS5Jc0ZvbGRlcgogICAgICAgICRlbmNvZGVkX2FyY2hpdmVfZW50cnkgPSAkZW50cnkuTmFtZQogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRlbmNvZGVkX2FyY2hpdmVfZW50cnkpKQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSAiJGRlY29kZWRfYXJjaGl2ZV9lbnRyeS8iCiAgICAgICAgfQoKICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX2VudHJ5KQogICAgICAgICRlbnRyeV9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRlbnRyeV90YXJnZXRfcGF0aCkKCiAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkZW50cnlfZGlyKSkgewogICAgICAgICAgICBOZXctSXRlbSAtUGF0aCAkZW50cnlfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfQoKICAgICAgICBpZiAoJGlzX2RpciAtZXEgJGZhbHNlIC1hbmQgKC1ub3QgJGNoZWNrX21vZGUpKSB7CiAgICAgICAgICAgICMgaHR0cHM6Ly9tc2RuLm1pY3Jvc29mdC5jb20vZW4tdXMvbGlicmFyeS93aW5kb3dzL2Rlc2t0b3AvYmI3ODc4NjYuYXNweAogICAgICAgICAgICAjIEZyb20gRm9sZGVyLkNvcHlIZXJlIGRvY3VtZW50YXRpb24sIDEwNDQgbWVhbnM6CiAgICAgICAgICAgICMgIC0gMTAyNDogZG8gbm90IGRpc3BsYXkgYSB1c2VyIGludGVyZmFjZSBpZiBhbiBlcnJvciBvY2N1cnMKICAgICAgICAgICAgIyAgLSAgIDE2OiByZXNwb25kIHdpdGggInllcyB0byBhbGwiIGZvciBhbnkgZGlhbG9nIGJveCB0aGF0IGlzIGRpc3BsYXllZAogICAgICAgICAgICAjICAtICAgIDQ6IGRvIG5vdCBkaXNwbGF5IGEgcHJvZ3Jlc3MgZGlhbG9nIGJveAogICAgICAgICAgICAkZGVzdF9wYXRoLkNvcHlIZXJlKCRlbnRyeSwgMTA0NCkKCiAgICAgICAgICAgICMgb25jZSBmaWxlIGlzIGV4dHJhY2VkLCB3ZSBuZWVkIHRvIHJlbmFtZSBpdCB3aXRoIG5vbiBiYXNlNjQgbmFtZQogICAgICAgICAgICAkY29tYmluZWRfZW5jb2RlZF9wYXRoID0gW1N5c3RlbS5JTy5QYXRoXTo6Q29tYmluZSgkZGVzdCwgJGVuY29kZWRfYXJjaGl2ZV9lbnRyeSkKICAgICAgICAgICAgTW92ZS1JdGVtIC1QYXRoICRjb21iaW5lZF9lbmNvZGVkX3BhdGggLURlc3RpbmF0aW9uICRlbnRyeV90YXJnZXRfcGF0aCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0KfQoKaWYgKCRjb3B5X21vZGUgLWVxICJxdWVyeSIpIHsKICAgICMgd2Ugb25seSByZXR1cm4gYSBsaXN0IG9mIGZpbGVzL2RpcmVjdG9yaWVzIHRoYXQgbmVlZCB0byBiZSBjb3BpZWQgb3ZlcgogICAgIyB0aGUgc291cmNlIG9mIHRoZSBsb2NhbCBmaWxlIHdpbGwgYmUgdGhlIGtleSB1c2VkCiAgICAkY2hhbmdlZF9maWxlcyA9IEAoKQogICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgPSBAKCkKICAgICRjaGFuZ2VkX3N5bWxpbmtzID0gQCgpCgogICAgZm9yZWFjaCAoJGZpbGUgaW4gJGZpbGVzKSB7CiAgICAgICAgJGZpbGVuYW1lID0gJGZpbGUuZGVzdAogICAgICAgICRsb2NhbF9jaGVja3N1bSA9ICRmaWxlLmNoZWNrc3VtCgogICAgICAgICRmaWxlcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoICRmaWxlbmFtZQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGZpbGVwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAgICAgICAgICRjaGVja3N1bSA9IEdldC1GaWxlQ2hlY2tzdW0gLXBhdGggJGZpbGVwYXRoCiAgICAgICAgICAgICAgICBpZiAoJGNoZWNrc3VtIC1uZSAkbG9jYWxfY2hlY2tzdW0pIHsKICAgICAgICAgICAgICAgICAgICAkd2lsbF9jaGFuZ2UgPSAkdHJ1ZQogICAgICAgICAgICAgICAgICAgICRjaGFuZ2VkX2ZpbGVzICs9ICRmaWxlCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRmaWxlcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZpbGUgdG8gZGVzdCAnJGZpbGVwYXRoJzogb2JqZWN0IGF0IHBhdGggaXMgYWxyZWFkeSBhIGRpcmVjdG9yeSIKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkY2hhbmdlZF9maWxlcyArPSAkZmlsZQogICAgICAgIH0KICAgIH0KCiAgICBmb3JlYWNoICgkZGlyZWN0b3J5IGluICRkaXJlY3RvcmllcykgewogICAgICAgICRkaXJuYW1lID0gJGRpcmVjdG9yeS5kZXN0CgogICAgICAgICRkaXJwYXRoID0gSm9pbi1QYXRoIC1QYXRoICRkZXN0IC1DaGlsZFBhdGggJGRpcm5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGRpcnBhdGgpCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgdG8gZGVzdCAnJGRpcnBhdGgnOiBvYmplY3QgYXQgcGFyZW50IGRpcmVjdG9yeSBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0KICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRkaXJwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZvbGRlciB0byBkZXN0ICckZGlycGF0aCc6IG9iamVjdCBhdCBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0gZWxzZWlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGRpcnBhdGggLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAgICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgKz0gJGRpcmVjdG9yeQogICAgICAgIH0KICAgIH0KCiAgICAjIFRPRE86IEhhbmRsZSBzeW1saW5rcwoKICAgICRyZXN1bHQuZmlsZXMgPSAkY2hhbmdlZF9maWxlcwogICAgJHJlc3VsdC5kaXJlY3RvcmllcyA9ICRjaGFuZ2VkX2RpcmVjdG9yaWVzCiAgICAkcmVzdWx0LnN5bWxpbmtzID0gJGNoYW5nZWRfc3ltbGlua3MKfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJleHBsb2RlIikgewogICAgIyBhIHNpbmdsZSB6aXAgZmlsZSBjb250YWluaW5nIHRoZSBmaWxlcyBhbmQgZGlyZWN0b3JpZXMgbmVlZHMgdG8gYmUKICAgICMgZXhwYW5kZWQgdGhpcyB3aWxsIGFsd2F5cyByZXN1bHQgaW4gYSBjaGFuZ2UgYXMgdGhlIGNhbGN1bGF0aW9uIGlzIGRvbmUKICAgICMgb24gdGhlIHdpbl9jb3B5IGFjdGlvbiBwbHVnaW4gYW5kIGlzIG9ubHkgcnVuIGlmIGEgY2hhbmdlIG5lZWRzIHRvIG9jY3VyCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRzcmMgLVBhdGhUeXBlIExlYWYpKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiQ2Fubm90IGV4cGFuZCBzcmMgemlwIGZpbGU6ICckc3JjJyBhcyBpdCBkb2VzIG5vdCBleGlzdCIKICAgIH0KCiAgICAjIERldGVjdCBpZiB0aGUgUFMgemlwIGFzc2VtYmxpZXMgYXJlIGF2YWlsYWJsZSBvciB3aGV0aGVyIHRvIHVzZSBTaGVsbAogICAgJHVzZV9sZWdhY3kgPSAkZmFsc2UKICAgIHRyeSB7CiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24uRmlsZVN5c3RlbSB8IE91dC1OdWxsCiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24gfCBPdXQtTnVsbAogICAgfSBjYXRjaCB7CiAgICAgICAgJHVzZV9sZWdhY3kgPSAkdHJ1ZQogICAgfQogICAgaWYgKCR1c2VfbGVnYWN5KSB7CiAgICAgICAgRXh0cmFjdC1aaXBMZWdhY3kgLXNyYyAkc3JjIC1kZXN0ICRkZXN0CiAgICB9IGVsc2UgewogICAgICAgIEV4dHJhY3QtWmlwIC1zcmMgJHNyYyAtZGVzdCAkZGVzdAogICAgfQoKICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCn0gZWxzZWlmICgkY29weV9tb2RlIC1lcSAicmVtb3RlIikgewogICAgIyBhbGwgY29weSBhY3Rpb25zIGFyZSBoYXBwZW5pbmcgb24gdGhlIHJlbW90ZSBzaWRlICh3aW5kb3dzIGhvc3QpLCBuZWVkCiAgICAjIHRvbyBjb3B5IHNvdXJjZSBhbmQgZGVzdCB1c2luZyBQUyBjb2RlCiAgICAkcmVzdWx0LnNyYyA9ICRzcmMKICAgICRyZXN1bHQuZGVzdCA9ICRkZXN0CgogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBDb250YWluZXIpIHsKICAgICAgICAjIHdlIGFyZSBjb3B5aW5nIGEgZGlyZWN0b3J5IG9yIHRoZSBjb250ZW50cyBvZiBhIGRpcmVjdG9yeQogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZvbGRlcl9jb3B5JwogICAgICAgIGlmICgkc3JjLkVuZHNXaXRoKCIvIikgLW9yICRzcmMuRW5kc1dpdGgoImBcIikpIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIncyBjb250ZW50cyB0byBkZXN0CiAgICAgICAgICAgICRkaWZmID0gIiIKICAgICAgICAgICAgJGNoaWxkX2ZpbGVzID0gR2V0LUNoaWxkSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZQogICAgICAgICAgICBmb3JlYWNoICgkY2hpbGRfZmlsZSBpbiAkY2hpbGRfZmlsZXMpIHsKICAgICAgICAgICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfZmlsZS5OYW1lCiAgICAgICAgICAgICAgICBpZiAoJGNoaWxkX2ZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgICAgICRkaWZmICs9IENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUg ScriptBlock ID: 161ded1b-493d-4595-befd-695fef5bb622 Path:	4104	1		3	2	15	0	439	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2140	4064	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:05 PM	ca610e00-1c3c-0002-3f11-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): lZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTUsIEpvbiBIYXdrZXN3b3J0aCAoQGpoYXdrZXN3b3J0aCkgPGZpZ3NAdW5pdHkuZGVtb24uY28udWs+CiMgQ29weXJpZ2h0OiAoYykgMjAxNywgQW5zaWJsZSBQcm9qZWN0CiMgR05VIEdlbmVyYWwgUHVibGljIExpY2Vuc2UgdjMuMCsgKHNlZSBDT1BZSU5HIG9yIGh0dHBzOi8vd3d3LmdudS5vcmcvbGljZW5zZXMvZ3BsLTMuMC50eHQpCgojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxlZ2FjeQoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKJHBhcmFtcyA9IFBhcnNlLUFyZ3MgLWFyZ3VtZW50cyAkYXJncyAtc3VwcG9ydHNfY2hlY2tfbW9kZSAkdHJ1ZQokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtdHlwZSAiYm9vbCIgLWRlZmF1bHQgJGZhbHNlCiRkaWZmX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfZGlmZiIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQoKIyB0aGVyZSBhcmUgNCBtb2RlcyB0byB3aW5fY29weSB3aGljaCBhcmUgZHJpdmVuIGJ5IHRoZSBhY3Rpb24gcGx1Z2luczoKIyAgIGV4cGxvZGU6IHNyYyBpcyBhIHppcCBmaWxlIHdoaWNoIG5lZWRzIHRvIGJlIGV4dHJhY3RlZCB0byBkZXN0LCBmb3IgdXNlIHdpdGggbXVsdGlwbGUgZmlsZXMKIyAgIHF1ZXJ5OiB3aW5fY29weSBhY3Rpb24gcGx1Z2luIHdhbnRzIHRvIGdldCB0aGUgc3RhdGUgb2YgcmVtb3RlIGZpbGVzIHRvIGNoZWNrIHdoZXRoZXIgaXQgbmVlZHMgdG8gc2VuZCB0aGVtCiMgICByZW1vdGU6IGFsbCBjb3B5IGFjdGlvbiBpcyBoYXBwZW5pbmcgcmVtb3RlbHkgKHJlbW90ZV9zcmM9VHJ1ZSkKIyAgIHNpbmdsZTogYSBzaW5nbGUgZmlsZSBoYXMgYmVlbiBjb3BpZWQsIGFsc28gdXNlZCB3aXRoIHRlbXBsYXRlCiRjb3B5X21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2NvcHlfbW9kZSIgLXR5cGUgInN0ciIgLWRlZmF1bHQgInNpbmdsZSIgLXZhbGlkYXRlc2V0ICJleHBsb2RlIiwicXVlcnkiLCJyZW1vdGUiLCJzaW5nbGUiCgojIHVzZWQgaW4gZXhwbG9kZSwgcmVtb3RlIGFuZCBzaW5nbGUgbW9kZQokc3JjID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInNyYyIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAoJGNvcHlfbW9kZSAtaW4gQCgiZXhwbG9kZSIsInByb2Nlc3MiLCJzaW5nbGUiKSkKJGRlc3QgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGVzdCIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAkdHJ1ZQoKIyB1c2VkIGluIHNpbmdsZSBtb2RlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCgojIHVzZWQgaW4gcXVlcnkgYW5kIHJlbW90ZSBtb2RlCiRmb3JjZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJmb3JjZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCgojIHVzZWQgaW4gcXVlcnkgbW9kZSwgY29udGFpbnMgdGhlIGxvY2FsIGZpbGVzL2RpcmVjdG9yaWVzL3N5bWxpbmtzIHRoYXQgYXJlIHRvIGJlIGNvcGllZAokZmlsZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZmlsZXMiIC10eXBlICJsaXN0IgokZGlyZWN0b3JpZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGlyZWN0b3JpZXMiIC10eXBlICJsaXN0Igokc3ltbGlua3MgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3ltbGlua3MiIC10eXBlICJsaXN0IgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCn0KCmlmICgkZGlmZl9tb2RlKSB7CiAgICAkcmVzdWx0LmRpZmYgPSBAe30KfQoKRnVuY3Rpb24gQ29weS1GaWxlKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9maWxlID0gJGZhbHNlCiAgICAkc291cmNlX2NoZWNrc3VtID0gJG51bGwKICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAkc291cmNlX2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkc291cmNlCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBkZXN0IGlzIGFscmVhZHkgYSBmb2xkZXIiCiAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgaWYgKCRmb3JjZSkgewogICAgICAgICAgICAkdGFyZ2V0X2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkZGVzdAogICAgICAgICAgICBpZiAoJHNvdXJjZV9jaGVja3N1bSAtbmUgJHRhcmdldF9jaGVja3N1bSkgewogICAgICAgICAgICAgICAgJGNvcHlfZmlsZSA9ICR0cnVlCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9IGVsc2UgewogICAgICAgICRjb3B5X2ZpbGUgPSAkdHJ1ZQogICAgfQoKICAgIGlmICgkY29weV9maWxlKSB7CiAgICAgICAgJGZpbGVfZGlyID0gW1N5c3RlbS5JTy5QYXRoXTo6R2V0RGlyZWN0b3J5TmFtZSgkZGVzdCkKICAgICAgICAjIHZhbGlkYXRlIHRoZSBwYXJlbnQgZGlyIGlzIG5vdCBhIGZpbGUgYW5kIHRoYXQgaXQgZXhpc3RzCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZmlsZV9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRmaWxlX2RpcikpIHsKICAgICAgICAgICAgIyBkaXJlY3RvcnkgZG9lc24ndCBleGlzdCwgbmVlZCB0byBjcmVhdGUKICAgICAgICAgICAgTmV3LUl0ZW0gLVBhdGggJGZpbGVfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICIrJGZpbGVfZGlyXGBuIgogICAgICAgIH0KCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBSZW1vdmUtSXRlbSAtUGF0aCAkZGVzdCAtRm9yY2UgLVJlY3Vyc2UgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgI ScriptBlock ID: 161ded1b-493d-4595-befd-695fef5bb622 Path:	4104	1		3	2	15	0	438	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2140	4064	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:05 PM	ca610e00-1c3c-0002-3f11-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHN ScriptBlock ID: 161ded1b-493d-4595-befd-695fef5bb622 Path:	4104	1		3	2	15	0	437	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2140	4064	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:05 PM	ca610e00-1c3c-0002-3f11-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	436	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2140	2184	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:05 PM	ca610e00-1c3c-0004-0611-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2140 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	435	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2140	3416	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:05 PM	ca610e00-1c3c-0004-0611-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	434	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2140	2184	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:05 PM	ca610e00-1c3c-0004-0611-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): begin { $path = 'C:\Users\Admin\AppData\Local\Temp\ansible-tmp-1644250263.23-132127060783458\source' $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 $fd = [System.IO.File]::Create($path) $sha1 = [System.Security.Cryptography.SHA1CryptoServiceProvider]::Create() $bytes = @() #initialize for empty file case } process { $bytes = [System.Convert]::FromBase64String($input) $sha1.TransformBlock($bytes, 0, $bytes.Length, $bytes, 0) | Out-Null $fd.Write($bytes, 0, $bytes.Length) } end { $sha1.TransformFinalBlock($bytes, 0, 0) | Out-Null $hash = [System.BitConverter]::ToString($sha1.Hash).Replace("-", "").ToLowerInvariant() $fd.Close() Write-Output "{""sha1"":""$hash""}" } ScriptBlock ID: 24509932-13ad-416e-ac52-39206fb0ec16 Path:	4104	1		3	2	15	0	433	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3616	2156	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:05 PM	ca610e00-1c3c-0001-6611-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	432	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3616	1068	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:05 PM	ca610e00-1c3c-0000-0e11-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3616 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	431	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3616	2236	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:05 PM	ca610e00-1c3c-0000-0e11-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	430	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3616	1068	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:05 PM	ca610e00-1c3c-0000-0e11-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 96dd79ef-cc5e-426f-8bc8-abe76e189cf3 Path:	4104	1		3	2	15	0	429	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2108	3524	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:04 PM	ca610e00-1c3c-0004-e310-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): lege name, this will throw an ArgumentException. .EXAMPLE Get-AnsiblePrivilege -Name SeDebugPrivilege #> [CmdletBinding()] param( [Parameter(Mandatory=$true)][String]$Name ) if (-not [Ansible.PrivilegeUtil.Privileges]::CheckPrivilegeName($Name)) { throw [System.ArgumentException] "Invalid privilege name '$Name'" } $process_token = [Ansible.PrivilegeUtil.Privileges]::GetCurrentProcess() $privilege_info = [Ansible.PrivilegeUtil.Privileges]::GetAllPrivilegeInfo($process_token) if ($privilege_info.ContainsKey($Name)) { $status = $privilege_info.$Name return $status.HasFlag([Ansible.PrivilegeUtil.PrivilegeAttributes]::Enabled) } else { return $null } } Function Set-AnsiblePrivilege { <# .SYNOPSIS Enables/Disables a privilege on the current process' token. If a privilege has been removed from the process token, this will throw an InvalidOperationException. .EXAMPLE # enable a privilege Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $true # disable a privilege Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $false #> [CmdletBinding(SupportsShouldProcess)] param( [Parameter(Mandatory=$true)][String]$Name, [Parameter(Mandatory=$true)][bool]$Value ) $action = switch($Value) { $true { "Enable" } $false { "Disable" } } $current_state = Get-AnsiblePrivilege -Name $Name if ($current_state -eq $Value) { return # no change needs to occur } elseif ($null -eq $current_state) { # once a privilege is removed from a token we cannot do anything with it throw [System.InvalidOperationException] "Cannot $($action.ToLower()) the privilege '$Name' as it has been removed from the token" } $process_token = [Ansible.PrivilegeUtil.Privileges]::GetCurrentProcess() if ($PSCmdlet.ShouldProcess($Name, "$action the privilege $Name")) { $new_state = New-Object -TypeName 'System.Collections.Generic.Dictionary`2[[System.String], [System.Nullable`1[System.Boolean]]]' $new_state.Add($Name, $Value) [Ansible.PrivilegeUtil.Privileges]::SetTokenPrivileges($process_token, $new_state) > $null } } Export-ModuleMember -Function Import-PrivilegeUtil, Get-AnsiblePrivilege, Set-AnsiblePrivilege ` -Variable ansible_privilege_util_namespaces, ansible_privilege_util_code ScriptBlock ID: 219c09c7-232a-4e0a-a555-32ad89f8120e Path:	4104	1		3	2	15	0	428	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2108	3524	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:04 PM	ca610e00-1c3c-0004-df10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): # Copyright (c) 2018 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) # store in separate variables to make it easier for other module_utils to # share this code in their own c# code $ansible_privilege_util_namespaces = @( "Microsoft.Win32.SafeHandles", "System", "System.Collections.Generic", "System.Linq", "System.Runtime.InteropServices", "System.Security.Principal", "System.Text" ) $ansible_privilege_util_code = @' namespace Ansible.PrivilegeUtil { [Flags] public enum PrivilegeAttributes : uint { Disabled = 0x00000000, EnabledByDefault = 0x00000001, Enabled = 0x00000002, Removed = 0x00000004, UsedForAccess = 0x80000000, } internal class NativeHelpers { [StructLayout(LayoutKind.Sequential)] internal struct LUID { public UInt32 LowPart; public Int32 HighPart; } [StructLayout(LayoutKind.Sequential)] internal struct LUID_AND_ATTRIBUTES { public LUID Luid; public PrivilegeAttributes Attributes; } [StructLayout(LayoutKind.Sequential)] internal struct TOKEN_PRIVILEGES { public UInt32 PrivilegeCount; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)] public LUID_AND_ATTRIBUTES[] Privileges; } } internal class NativeMethods { [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool AdjustTokenPrivileges( IntPtr TokenHandle, [MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges, IntPtr NewState, UInt32 BufferLength, IntPtr PreviousState, out UInt32 ReturnLength); [DllImport("kernel32.dll")] internal static extern bool CloseHandle( IntPtr hObject); [DllImport("kernel32")] internal static extern SafeWaitHandle GetCurrentProcess(); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool GetTokenInformation( IntPtr TokenHandle, UInt32 TokenInformationClass, IntPtr TokenInformation, UInt32 TokenInformationLength, out UInt32 ReturnLength); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeName( string lpSystemName, ref NativeHelpers.LUID lpLuid, StringBuilder lpName, ref UInt32 cchName); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeValue( string lpSystemName, string lpName, out NativeHelpers.LUID lpLuid); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool OpenProcessToken( SafeHandle ProcessHandle, TokenAccessLevels DesiredAccess, out IntPtr TokenHandle); } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class Privileges { private static readonly UInt32 TOKEN_PRIVILEGES = 3; public static bool CheckPrivilegeName(string name) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, name, out luid)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name)); return false; } else { return true; } } public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } }); } public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token) { return AdjustTokenPrivileges(token, null); } public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } }); } public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token) { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken)) throw new Win32Exception("OpenProcessToken() failed"); Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>(); try { UInt32 tokenLength = 0; NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength); NativeHelpers.LUID_AND_ATTRIBUTES[] privileges; IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength); try { if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength)) throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed"); NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount]; PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount))); } finally { Marshal.FreeHGlobal(privilegesPtr); } info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes); } finally { NativeMethods.CloseHandle(hToken); } return info; } public static SafeWaitHandle GetCurrentProcess() { return NativeMethods.GetCurrentProcess(); } public static void RemovePrivilege(SafeHandle token, string privilege) { SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } }); } public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state) { NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count]; int i = 0; foreach (KeyValuePair<string, bool?> entry in state) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid)) throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key)); PrivilegeAttributes attributes; switch (entry.Value) { case true: attributes = PrivilegeAttributes.Enabled; break; case false: attributes = PrivilegeAttributes.Disabled; break; default: attributes = PrivilegeAttributes.Removed; break; } privilegeAttr[i].Luid = luid; privilegeAttr[i].Attributes = attributes; i++; } return AdjustTokenPrivileges(token, privilegeAttr); } private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState) { bool disableAllPrivileges; IntPtr newStatePtr; NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges; UInt32 returnLength; if (newState == null) { disableAllPrivileges = true; newStatePtr = IntPtr.Zero; } else { disableAllPrivileges = false; // Need to manually marshal the bytes requires for newState as the constant size // of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES // always contains at least 1 entry so we need to calculate the extra size if there are // nore than 1 LUID_AND_ATTRIBUTES entry int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES)); int luidAttrSize = 0; if (newState.Length > 1) luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1); int totalSize = tokenPrivilegesSize + luidAttrSize; byte[] newStateBytes = new byte[totalSize]; // get the first entry that includes the struct details NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES() { PrivilegeCount = (UInt32)newState.Length, Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1], }; if (newState.Length > 0) tokenPrivileges.Privileges[0] = newState[0]; int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0); // copy the remaining LUID_AND_ATTRIBUTES (if any) for (int i = 1; i < newState.Length; i++) offset += StructureToBytes(newState[i], newStateBytes, offset); // finally create the pointer to the byte array we just created newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length); Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length); } try { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken)) throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges"); try { IntPtr oldStatePtr = Marshal.AllocHGlobal(0); if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size"); } // resize the oldStatePtr based on the length returned from Windows Marshal.FreeHGlobal(oldStatePtr); oldStatePtr = Marshal.AllocHGlobal((int)returnLength); try { bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength); int errCode = Marshal.GetLastWin32Error(); // even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code if (!res || errCode != 0) throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed"); // Marshal the oldStatePtr to the struct NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount]; PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount))); } finally { Marshal.FreeHGlobal(oldStatePtr); } } finally { NativeMethods.CloseHandle(hToken); } } finally { if (newStatePtr != IntPtr.Zero) Marshal.FreeHGlobal(newStatePtr); } return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled)); } private static string GetPrivilegeName(NativeHelpers.LUID luid) { UInt32 nameLen = 0; NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen); StringBuilder name = new StringBuilder((int)(nameLen + 1)); if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen)) throw new Win32Exception("LookupPrivilegeName() failed"); return name.ToString(); } private static void PtrToStructureArray<T>(T[] array, IntPtr ptr) { IntPtr ptrOffset = ptr; for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T)))) array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T)); } private static int StructureToBytes<T>(T structure, byte[] array, int offset) { int size = Marshal.SizeOf(structure); IntPtr structPtr = Marshal.AllocHGlobal(size); try { Marshal.StructureToPtr(structure, structPtr, false); Marshal.Copy(structPtr, array, offset, size); } finally { Marshal.FreeHGlobal(structPtr); } return size; } } } '@ Function Import-PrivilegeUtil { <# .SYNOPSIS Compiles the C# code that can be used to manage Windows privileges from an Ansible module. Once this function is called, the following PowerShell cmdlets can be used; Get-AnsiblePrivilege Set-AnsiblePrivilege The above cmdlets give the ability to manage permissions on the current process token but the underlying .NET classes are also exposed for greater control. The following functions can be used by calling the .NET class [Ansible.PrivilegeUtil.Privileges]::CheckPrivilegeName($name) [Ansible.PrivilegeUtil.Privileges]::DisablePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::DisableAllPrivileges($process) [Ansible.PrivilegeUtil.Privileges]::EnablePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::GetAllPrivilegeInfo($process) [Ansible.PrivilegeUtil.Privileges]::RemovePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::SetTokenPrivileges($process, $new_state) Here is a brief explanation of each type of arg $process = The process handle to manipulate, use '[Ansible.PrivilegeUtils.Privileges]::GetCurrentProcess()' to get the current process handle $name = The name of the privilege, this is the constant value from https://docs.microsoft.com/en-us/windows/desktop/SecAuthZ/privilege-constants, e.g. SeAuditPrivilege $new_state = 'System.Collections.Generic.Dictionary`2[[System.String], [System.Nullable`1[System.Boolean]]]' The key is the constant name as a string, the value is a ternary boolean where true - will enable the privilege false - will disable the privilege null - will remove the privilege Each method that changes the privilege state will return a dictionary that can be used as the $new_state arg of SetTokenPrivileges to undo and revert back to the original state. If you remove a privilege then this is irreversible and won't be part of the returned dict #> [CmdletBinding()] # build the C# code to compile $namespace_import = ($ansible_privilege_util_namespaces | ForEach-Object { "using $_;" }) -join "`r`n" $platform_util = "$namespace_import`r`n`r`n$ansible_privilege_util_code" # FUTURE: find a better way to get the _ansible_remote_tmp variable # this is used to force csc to compile the C# code in the remote tmp # specified $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $platform_util $env:TMP = $original_tmp } Function Get-AnsiblePrivilege { <# .SYNOPSIS Get the status of a privilege for the current process. This returns $true - the privilege is enabled $false - the privilege is disabled $null - the privilege is removed from the token If Name is not a valid privi ScriptBlock ID: 219c09c7-232a-4e0a-a555-32ad89f8120e Path:	4104	1		3	2	15	0	427	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2108	3524	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:04 PM	ca610e00-1c3c-0004-df10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) #Requires -Module Ansible.ModuleUtils.PrivilegeUtil Function Load-LinkUtils() { $link_util = @' using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.IO; using System.Runtime.InteropServices; using System.Text; namespace Ansible { public enum LinkType { SymbolicLink, JunctionPoint, HardLink } public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception { private string _msg; public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); } } public class LinkInfo { public LinkType Type { get; internal set; } public string PrintName { get; internal set; } public string SubstituteName { get; internal set; } public string AbsolutePath { get; internal set; } public string TargetPath { get; internal set; } public string[] HardTargets { get; internal set; } } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct REPARSE_DATA_BUFFER { public UInt32 ReparseTag; public UInt16 ReparseDataLength; public UInt16 Reserved; public UInt16 SubstituteNameOffset; public UInt16 SubstituteNameLength; public UInt16 PrintNameOffset; public UInt16 PrintNameLength; [MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)] public char[] PathBuffer; } public class LinkUtil { public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16; private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000; private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000; private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8; private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4; private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000; private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003; private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C; private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001; private const Int64 INVALID_HANDLE_VALUE = -1; private const UInt32 SIZE_OF_WCHAR = 2; private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000; private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001; [DllImport("kernel32.dll", CharSet = CharSet.Auto)] private static extern SafeFileHandle CreateFile( string lpFileName, [MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess, [MarshalAs(UnmanagedType.U4)] FileShare dwShareMode, IntPtr lpSecurityAttributes, [MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition, UInt32 dwFlagsAndAttributes, IntPtr hTemplateFile); // Used by GetReparsePointInfo() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, IntPtr lpInBuffer, UInt32 nInBufferSize, out REPARSE_DATA_BUFFER lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); // Used by CreateJunctionPoint() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, REPARSE_DATA_BUFFER lpInBuffer, UInt32 nInBufferSize, IntPtr lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool GetVolumePathName( string lpszFileName, StringBuilder lpszVolumePathName, ref UInt32 cchBufferLength); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern IntPtr FindFirstFileNameW( string lpFileName, UInt32 dwFlags, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool FindNextFileNameW( IntPtr hFindStream, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool FindClose( IntPtr hFindFile); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool RemoveDirectory( string lpPathName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeleteFile( string lpFileName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateSymbolicLink( string lpSymlinkFileName, string lpTargetFileName, UInt32 dwFlags); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateHardLink( string lpFileName, string lpExistingFileName, IntPtr lpSecurityAttributes); public static LinkInfo GetLinkInfo(string linkPath) { FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.ReparsePoint)) return GetReparsePointInfo(linkPath); if (!attr.HasFlag(FileAttributes.Directory)) return GetHardLinkInfo(linkPath); return null; } public static void DeleteLink(string linkPath) { bool success; FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.Directory)) { success = RemoveDirectory(linkPath); } else { success = DeleteFile(linkPath); } if (!success) throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath)); } public static void CreateLink(string linkPath, String linkTarget, LinkType linkType) { switch (linkType) { case LinkType.SymbolicLink: UInt32 linkFlags; FileAttributes attr = File.GetAttributes(linkTarget); if (attr.HasFlag(FileAttributes.Directory)) linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY; else linkFlags = SYMBOLIC_LINK_FLAG_FILE; if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags)) throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags)); break; case LinkType.JunctionPoint: CreateJunctionPoint(linkPath, linkTarget); break; case LinkType.HardLink: if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget)); break; } } private static LinkInfo GetHardLinkInfo(string linkPath) { UInt32 maxPath = 260; List<string> result = new List<string>(); StringBuilder sb = new StringBuilder((int)maxPath); UInt32 stringLength = maxPath; if (!GetVolumePathName(linkPath, sb, ref stringLength)) throw new LinkUtilWin32Exception("GetVolumePathName() failed"); string volume = sb.ToString(); stringLength = maxPath; IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb); if (findHandle.ToInt64() != INVALID_HANDLE_VALUE) { try { do { string hardLinkPath = sb.ToString(); if (hardLinkPath.StartsWith("\\")) hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1); result.Add(Path.Combine(volume, hardLinkPath)); stringLength = maxPath; } while (FindNextFileNameW(findHandle, ref stringLength, sb)); } finally { FindClose(findHandle); } } if (result.Count > 1) return new LinkInfo { Type = LinkType.HardLink, HardTargets = result.ToArray() }; return null; } private static LinkInfo GetReparsePointInfo(string linkPath) { SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Read, FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); UInt32 bytesReturned; try { if (!DeviceIoControl( fileHandle, FSCTL_GET_REPARSE_POINT, IntPtr.Zero, 0, out buffer, MAXIMUM_REPARSE_DATA_BUFFER_SIZE, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath)); } finally { fileHandle.Dispose(); } bool isRelative = false; int pathOffset = 0; LinkType linkType; if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK) { UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]); if (bufferFlags == SYMLINK_FLAG_RELATIVE) isRelative = true; pathOffset = 2; linkType = LinkType.SymbolicLink; } else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT) { linkType = LinkType.JunctionPoint; } else { string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString()); throw new Exception(errorMessage); } string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR)); string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR)); // TODO: should we check for \?\UNC\server for convert it to the NT style \\server path // Remove the leading Windows object directory \?\ from the path if present string targetPath = substituteName; if (targetPath.StartsWith("\\??\\")) targetPath = targetPath.Substring(4, targetPath.Length - 4); string absolutePath = targetPath; if (isRelative) absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath)); return new LinkInfo { Type = linkType, PrintName = printName, SubstituteName = substituteName, AbsolutePath = absolutePath, TargetPath = targetPath }; } private static void CreateJunctionPoint(string linkPath, string linkTarget) { // We need to create the link as a dir beforehand Directory.CreateDirectory(linkPath); SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Write, FileShare.Read | FileShare.Write | FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); try { string substituteName = "\\??\\" + Path.GetFullPath(linkTarget); string printName = linkTarget; REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); buffer.SubstituteNameOffset = 0; buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR); buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2); buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR); buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT; buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12); buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE]; byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName); char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes); Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length); UInt32 bytesReturned; if (!DeviceIoControl( fileHandle, FSCTL_SET_REPARSE_POINT, buffer, (UInt32)(buffer.ReparseDataLength + 8), IntPtr.Zero, 0, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget)); } finally { fileHandle.Dispose(); } } } } '@ # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $link_util $env:TMP = $original_tmp Import-PrivilegeUtil # enable the SeBackupPrivilege if it is disabled $state = Get-AnsiblePrivilege -Name SeBackupPrivilege if ($state -eq $false) { Set-AnsiblePrivilege -Name SeBackupPrivilege -Value $true } } Function Get-Link($link_path) { $link_info = [Ansible.LinkUtil]::GetLinkInfo($link_path) return $link_info } Function Remove-Link($link_path) { [Ansible.LinkUtil]::DeleteLink($link_path) } Function New-Link($link_path, $link_target, $link_type) { if (-not (Test-Path -Path $link_target)) { throw "link_target '$link_target' does not exist, cannot create link" } switch($link_type) { "link" { $type = [Ansible.LinkType]::SymbolicLink } "junction" { if (Test-Path -Path $link_target -PathType Leaf) { throw "cannot set the target for a junction point to a file" } $type = [Ansible.LinkType]::JunctionPoint } "hard" { if (Test-Path -Path $link_target -PathType Container) { throw "cannot set the target for a hard link to a directory" } $type = [Ansible.LinkType]::HardLink } default { throw "invalid link_type option $($link_type): expecting link, junction, hard" } } [Ansible.LinkUtil]::CreateLink($link_path, $link_target, $type) } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 15712a43-b169-4f07-96d0-9aa86d7e82d1 Path:	4104	1		3	2	15	0	426	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2108	3524	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:04 PM	ca610e00-1c3c-0004-db10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 39b52d46-594c-4d81-ad85-79c1dc6357a1 Path:	4104	1		3	2	15	0	425	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2108	3524	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:04 PM	ca610e00-1c3c-0004-d010-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (6 of 6): ZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5GaWxlVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxpbmtVdGlsCgpmdW5jdGlvbiBEYXRlVG8tVGltZXN0YW1wKCRzdGFydF9kYXRlLCAkZW5kX2RhdGUpIHsKICAgIGlmICgkc3RhcnRfZGF0ZSAtYW5kICRlbmRfZGF0ZSkgewogICAgICAgIHJldHVybiAoTmV3LVRpbWVTcGFuIC1TdGFydCAkc3RhcnRfZGF0ZSAtRW5kICRlbmRfZGF0ZSkuVG90YWxTZWNvbmRzCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCgokcGF0aCA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJwYXRoIiAtdHlwZSAicGF0aCIgLWZhaWxpZmVtcHR5ICR0cnVlIC1hbGlhc2VzICJkZXN0IiwibmFtZSIKJGdldF9tZDUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZ2V0X21kNSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQokZ2V0X2NoZWNrc3VtID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgImdldF9jaGVja3N1bSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCiRjaGVja3N1bV9hbGdvcml0aG0gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hlY2tzdW1fYWxnb3JpdGhtIiAtdHlwZSAic3RyIiAtZGVmYXVsdCAic2hhMSIgLXZhbGlkYXRlc2V0ICJtZDUiLCJzaGExIiwic2hhMjU2Iiwic2hhMzg0Iiwic2hhNTEyIgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCiAgICBzdGF0ID0gQHsKICAgICAgICBleGlzdHMgPSAkZmFsc2UKICAgIH0KfQoKIyBnZXRfbWQ1IHdpbGwgYmUgYW4gdW5kb2N1bWVudGVkIG9wdGlvbiBpbiAyLjkgdG8gYmUgcmVtb3ZlZCBhdCBhIGxhdGVyCiMgZGF0ZSBpZiBwb3NzaWJsZSAoMy4wKykKaWYgKEdldC1NZW1iZXIgLWlucHV0b2JqZWN0ICRwYXJhbXMgLW5hbWUgImdldF9tZDUiKSB7CiAgICBBZGQtRGVwcmVhY3Rpb25XYXJuaW5nIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiZ2V0X21kNSBoYXMgYmVlbiBkZXByZWNhdGVkIGFsb25nIHdpdGggdGhlIG1kNSByZXR1cm4gdmFsdWUsIHVzZSBnZXRfY2hlY2tzdW09VHJ1ZSBhbmQgY2hlY2tzdW1fYWxnb3JpdGhtPW1kNSBpbnN0ZWFkIiAtdmVyc2lvbiAyLjkKfQoKJGluZm8gPSBHZXQtQW5zaWJsZUl0ZW0gLVBhdGggJHBhdGggLUVycm9yQWN0aW9uIFNpbGVudGx5Q29udGludWUKSWYgKCRpbmZvIC1uZSAkbnVsbCkgewogICAgJGVwb2NoX2RhdGUgPSBHZXQtRGF0ZSAtRGF0ZSAiMDEvMDEvMTk3MCIKICAgICRhdHRyaWJ1dGVzID0gQCgpCiAgICBmb3JlYWNoICgkYXR0cmlidXRlIGluICgkaW5mby5BdHRyaWJ1dGVzIC1zcGxpdCAnLCcpKSB7CiAgICAgICAgJGF0dHJpYnV0ZXMgKz0gJGF0dHJpYnV0ZS5UcmltKCkKICAgIH0KCiAgICAjIGRlZmF1bHQgdmFsdWVzIHRoYXQgYXJlIGFsd2F5cyBzZXQsIHNwZWNpZmljIHZhbHVlcyBhcmUgc2V0IGJlbG93IHRoaXMKICAgICMgYnV0IGFyZSBrZXB0IGNvbW1lbnRlZCBmb3IgZWFzaWVyIHJlYWRhYmlsaXR5CiAgICAkc3RhdCA9IEB7CiAgICAgICAgZXhpc3RzID0gJHRydWUKICAgICAgICBhdHRyaWJ1dGVzID0gJGluZm8uQXR0cmlidXRlcy5Ub1N0cmluZygpCiAgICAgICAgaXNhcmNoaXZlID0gKCRhdHRyaWJ1dGVzIC1jb250YWlucyAiQXJjaGl2ZSIpCiAgICAgICAgaXNkaXIgPSAkZmFsc2UKICAgICAgICBpc2hpZGRlbiA9ICgkYXR0cmlidXRlcyAtY29udGFpbnMgIkhpZGRlbiIpCiAgICAgICAgaXNqdW5jdGlvbiA9ICRmYWxzZQogICAgICAgIGlzbG5rID0gJGZhbHNlCiAgICAgICAgaXNyZWFkb25seSA9ICgkYXR0cmlidXRlcyAtY29udGFpbnMgIlJlYWRPbmx5IikKICAgICAgICBpc3JlZyA9ICRmYWxzZQogICAgICAgIGlzc2hhcmVkID0gJGZhbHNlCiAgICAgICAgbmxpbmsgPSAxICAjIE51bWJlciBvZiBsaW5rcyB0byB0aGUgZmlsZSAoaGFyZCBsaW5rcyksIG92ZXJyaWRlbiBiZWxvdyBpZiBpc2xuawogICAgICAgICMgbG5rX3RhcmdldCA9IGlzbG5rIG9yIGlzanVuY3Rpb24gVGFyZ2V0IG9mIHRoZSBzeW1saW5rLiBOb3RlIHRoYXQgcmVsYXRpdmUgcGF0aHMgcmVtYWluIHJlbGF0aXZlCiAgICAgICAgIyBsbmtfc291cmNlID0gaXNsbmsgb3MgaXNqdW5jdGlvbiBUYXJnZXQgb2YgdGhlIHN5bWxpbmsgbm9ybWFsaXplZCBmb3IgdGhlIHJlbW90ZSBmaWxlc3lzdGVtCiAgICAgICAgaGxua190YXJnZXRzID0gQCgpCiAgICAgICAgY3JlYXRpb250aW1lID0gKERhdGVUby1UaW1lc3RhbXAgLXN0YXJ0X2RhdGUgJGVwb2NoX2RhdGUgLWVuZF9kYXRlICRpbmZvLkNyZWF0aW9uVGltZSkKICAgICAgICBsYXN0YWNjZXNzdGltZSA9IChEYXRlVG8tVGltZXN0YW1wIC1zdGFydF9kYXRlICRlcG9jaF9kYXRlIC1lbmRfZGF0ZSAkaW5mby5MYXN0QWNjZXNzVGltZSkKICAgICAgICBsYXN0d3JpdGV0aW1lID0gKERhdGVUby1UaW1lc3RhbXAgLXN0YXJ0X2RhdGUgJGVwb2NoX2RhdGUgLWVuZF9kYXRlICRpbmZvLkxhc3RXcml0ZVRpbWUpCiAgICAgICAgIyBzaXplID0gYSBmaWxlIGFuZCBkaXJlY3RvcnkgLSBjYWxjdWxhdGVkIGJlbG93CiAgICAgICAgcGF0aCA9ICRpbmZvLkZ1bGxOYW1lCiAgICAgICAgZmlsZW5hbWUgPSAkaW5mby5OYW1lCiAgICAgICAgIyBleHRlbnNpb24gPSBhIGZpbGUKICAgICAgICAjIG93bmVyID0gc2V0IG91dHNpdGUgdGhpcyBkaWN0IGluIGNhc2UgaXQgZmFpbHMKICAgICAgICAjIHNoYXJlbmFtZSA9IGEgZGlyZWN0b3J5IGFuZCBpc3NoYXJlZCBpcyBUcnVlCiAgICAgICAgIyBjaGVja3N1bSA9IGEgZmlsZSBhbmQgZ2V0X2NoZWNrc3VtOiBUcnVlCiAgICAgICAgIyBtZDUgPSBhIGZpbGUgYW5kIGdldF9tZDU6IFRydWUKICAgIH0KICAgICRzdGF0Lm93bmVyID0gJGluZm8uR2V0QWNjZXNzQ29udHJvbCgpLk93bmVyCgogICAgIyB2YWx1ZXMgdGhhdCBhcmUgc2V0IGFjY29yZGluZyB0byB0aGUgdHlwZSBvZiBmaWxlCiAgICBpZiAoJGluZm8uQXR0cmlidXRlcy5IYXNGbGFnKFtTeXN0ZW0uSU8uRmlsZUF0dHJpYnV0ZXNdOjpEaXJlY3RvcnkpKSB7CiAgICAgICAgJHN0YXQuaXNkaXIgPSAkdHJ1ZQogICAgICAgICRzaGFyZV9pbmZvID0gR2V0LVdtaU9iamVjdCAtQ2xhc3MgV2luMzJfU2hhcmUgLUZpbHRlciAiUGF0aD0nJCgkc3RhdC5wYXRoIC1yZXBsYWNlICdcXCcsICdcXCcpJyIKICAgICAgICBpZiAoJHNoYXJlX2luZm8gLW5lICRudWxsKSB7CiAgICAgICAgICAgICRzdGF0Lmlzc2hhcmVkID0gJHRydWUKICAgICAgICAgICAgJHN0YXQuc2hhcmVuYW1lID0gJHNoYXJlX2luZm8uTmFtZQogICAgICAgIH0KCiAgICAgICAgdHJ5IHsKICAgICAgICAgICAgJHNpemUgPSAwCiAgICAgICAgICAgIGZvcmVhY2ggKCRmaWxlIGluICRpbmZvLkVudW1lcmF0ZUZpbGVzKCIqIiwgW1N5c3RlbS5JTy5TZWFyY2hPcHRpb25dOjpBbGxEaXJlY3RvcmllcykpIHsKICAgICAgICAgICAgICAgICRzaXplICs9ICRmaWxlLkxlbmd0aAogICAgICAgICAgICB9CiAgICAgICAgICAgICRzdGF0LnNpemUgPSAkc2l6ZQogICAgICAgIH0gY2F0Y2ggewogICAgICAgICAgICAkc3RhdC5zaXplID0gMAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHN0YXQuZXh0ZW5zaW9uID0gJGluZm8uRXh0ZW5zaW9uCiAgICAgICAgJHN0YXQuaXNyZWcgPSAkdHJ1ZQogICAgICAgICRzdGF0LnNpemUgPSAkaW5mby5MZW5ndGgKCiAgICAgICAgaWYgKCRnZXRfbWQ1KSB7CiAgICAgICAgICAgIHRyeSB7CiAgICAgICAgICAgICAgICAkc3RhdC5tZDUgPSBHZXQtRmlsZUNoZWNrc3VtIC1wYXRoICRwYXRoIC1hbGdvcml0aG0gIm1kNSIKICAgICAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJmYWlsZWQgdG8gZ2V0IE1ENSBoYXNoIG9mIGZpbGUsIHJlbW92ZSBnZXRfbWQ1IHRvIGlnbm9yZSB0aGlzIGVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgICAgICAgICAgfQogICAgICAgIH0KICAgICAgICBpZiAoJGdldF9jaGVja3N1bSkgewogICAgICAgICAgICB0cnkgewogICAgICAgICAgICAgICAgJHN0YXQuY2hlY2tzdW0gPSBHZXQtRmlsZUNoZWNrc3VtIC1wYXRoICRwYXRoIC1hbGdvcml0aG0gJGNoZWNrc3VtX2FsZ29yaXRobQogICAgICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImZhaWxlZCB0byBnZXQgaGFzaCBvZiBmaWxlLCBzZXQgZ2V0X2NoZWNrc3VtIHRvIEZhbHNlIHRvIGlnbm9yZSB0aGlzIGVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KCiAgICAjIEdldCBzeW1ib2xpYyBsaW5rLCBqdW5jdGlvbiBwb2ludCwgaGFyZCBsaW5rIGluZm8KICAgIExvYWQtTGlua1V0aWxzCiAgICB0cnkgewogICAgICAgICRsaW5rX2luZm8gPSBHZXQtTGluayAtbGlua19wYXRoICRpbmZvLkZ1bGxOYW1lCiAgICB9IGNhdGNoIHsKICAgICAgICBBZGQtV2FybmluZyAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkZhaWxlZCB0byBjaGVjay9nZXQgbGluayBpbmZvIGZvciBmaWxlOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgIH0KICAgIGlmICgkbGlua19pbmZvIC1uZSAkbnVsbCkgewogICAgICAgIHN3aXRjaCAoJGxpbmtfaW5mby5UeXBlKSB7CiAgICAgICAgICAgICJTeW1ib2xpY0xpbmsiIHsKICAgICAgICAgICAgICAgICRzdGF0LmlzbG5rID0gJHRydWUKICAgICAgICAgICAgICAgICRzdGF0LmlzcmVnID0gJGZhbHNlCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfdGFyZ2V0ID0gJGxpbmtfaW5mby5UYXJnZXRQYXRoCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfc291cmNlID0gJGxpbmtfaW5mby5BYnNvbHV0ZVBhdGggICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgICAgICJKdW5jdGlvblBvaW50IiB7CiAgICAgICAgICAgICAgICAkc3RhdC5pc2p1bmN0aW9uID0gJHRydWUKICAgICAgICAgICAgICAgICRzdGF0LmlzcmVnID0gJGZhbHNlCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfdGFyZ2V0ID0gJGxpbmtfaW5mby5UYXJnZXRQYXRoCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfc291cmNlID0gJGxpbmtfaW5mby5BYnNvbHV0ZVBhdGggICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgICAgICJIYXJkTGluayIgewogICAgICAgICAgICAgICAgJHN0YXQubG5rX3R5cGUgPSAiaGFyZCIKICAgICAgICAgICAgICAgICRzdGF0Lm5saW5rID0gJGxpbmtfaW5mby5IYXJkVGFyZ2V0cy5Db3VudAoKICAgICAgICAgICAgICAgICMgcmVtb3ZlIGN1cnJlbnQgcGF0aCBmcm9tIHRoZSB0YXJnZXRzCiAgICAgICAgICAgICAgICAkaGxua190YXJnZXRzID0gJGxpbmtfaW5mby5IYXJkVGFyZ2V0cyB8IFdoZXJlLU9iamVjdCB7ICRfIC1uZSAkc3RhdC5wYXRoIH0KICAgICAgICAgICAgICAgICRzdGF0LmhsbmtfdGFyZ2V0cyA9IEAoJGhsbmtfdGFyZ2V0cykKICAgICAgICAgICAgICAgIGJyZWFrCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9CgogICAgJHJlc3VsdC5zdGF0ID0gJHN0YXQKfQoKRXhpdC1Kc29uICRyZXN1bHQK", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "stat", "_ansible_debug": false, "_ansible_verbosity": 3, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_shell_executable": "/bin/sh", "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "get_checksum": true, "_ansible_check_mode": false, "checksum_algo": "sha1", "follow": false, "path": "C:\\eventlogjs.txt", "_ansible_tmpdir": "'C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1644250263.23-132127060783458'"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 842566a3-4f9c-4492-a79d-28da112d0d80 Path:	4104	1		3	2	15	0	424	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2108	3524	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:04 PM	ca610e00-1c3c-0004-ca10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 6): OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcn ScriptBlock ID: 842566a3-4f9c-4492-a79d-28da112d0d80 Path:	4104	1		3	2	15	0	423	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2108	3524	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:04 PM	ca610e00-1c3c-0004-ca10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 6): AgICAgICAgICBVSW50MzIgbWF4UGF0aCA9IDI2MDsKICAgICAgICAgICAgTGlzdDxzdHJpbmc+IHJlc3VsdCA9IG5ldyBMaXN0PHN0cmluZz4oKTsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgc2IgPSBuZXcgU3RyaW5nQnVpbGRlcigoaW50KW1heFBhdGgpOwogICAgICAgICAgICBVSW50MzIgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKICAgICAgICAgICAgaWYgKCFHZXRWb2x1bWVQYXRoTmFtZShsaW5rUGF0aCwgc2IsIHJlZiBzdHJpbmdMZW5ndGgpKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oIkdldFZvbHVtZVBhdGhOYW1lKCkgZmFpbGVkIik7CiAgICAgICAgICAgIHN0cmluZyB2b2x1bWUgPSBzYi5Ub1N0cmluZygpOwoKICAgICAgICAgICAgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKICAgICAgICAgICAgSW50UHRyIGZpbmRIYW5kbGUgPSBGaW5kRmlyc3RGaWxlTmFtZVcobGlua1BhdGgsIDAsIHJlZiBzdHJpbmdMZW5ndGgsIHNiKTsKICAgICAgICAgICAgaWYgKGZpbmRIYW5kbGUuVG9JbnQ2NCgpICE9IElOVkFMSURfSEFORExFX1ZBTFVFKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0cnkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBkbwogICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgICAgc3RyaW5nIGhhcmRMaW5rUGF0aCA9IHNiLlRvU3RyaW5nKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIGlmIChoYXJkTGlua1BhdGguU3RhcnRzV2l0aCgiXFwiKSkKICAgICAgICAgICAgICAgICAgICAgICAgICAgIGhhcmRMaW5rUGF0aCA9IGhhcmRMaW5rUGF0aC5TdWJzdHJpbmcoMSwgaGFyZExpbmtQYXRoLkxlbmd0aCAtIDEpOwoKICAgICAgICAgICAgICAgICAgICAgICAgcmVzdWx0LkFkZChQYXRoLkNvbWJpbmUodm9sdW1lLCBoYXJkTGlua1BhdGgpKTsKICAgICAgICAgICAgICAgICAgICAgICAgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKCiAgICAgICAgICAgICAgICAgICAgfSB3aGlsZSAoRmluZE5leHRGaWxlTmFtZVcoZmluZEhhbmRsZSwgcmVmIHN0cmluZ0xlbmd0aCwgc2IpKTsKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBGaW5kQ2xvc2UoZmluZEhhbmRsZSk7CiAgICAgICAgICAgICAgICB9ICAgICAgICAgICAgICAgIAogICAgICAgICAgICB9CgogICAgICAgICAgICBpZiAocmVzdWx0LkNvdW50ID4gMSkKICAgICAgICAgICAgICAgIHJldHVybiBuZXcgTGlua0luZm8KICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBUeXBlID0gTGlua1R5cGUuSGFyZExpbmssCiAgICAgICAgICAgICAgICAgICAgSGFyZFRhcmdldHMgPSByZXN1bHQuVG9BcnJheSgpCiAgICAgICAgICAgICAgICB9OwoKICAgICAgICAgICAgcmV0dXJuIG51bGw7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBMaW5rSW5mbyBHZXRSZXBhcnNlUG9pbnRJbmZvKHN0cmluZyBsaW5rUGF0aCkKICAgICAgICB7CiAgICAgICAgICAgIFNhZmVGaWxlSGFuZGxlIGZpbGVIYW5kbGUgPSBDcmVhdGVGaWxlKAogICAgICAgICAgICAgICAgbGlua1BhdGgsCiAgICAgICAgICAgICAgICBGaWxlQWNjZXNzLlJlYWQsCiAgICAgICAgICAgICAgICBGaWxlU2hhcmUuTm9uZSwKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgRmlsZU1vZGUuT3BlbiwKICAgICAgICAgICAgICAgIEZJTEVfRkxBR19PUEVOX1JFUEFSU0VfUE9JTlQgfCBGSUxFX0ZMQUdfQkFDS1VQX1NFTUFOVElDUywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKTsKCiAgICAgICAgICAgIGlmIChmaWxlSGFuZGxlLklzSW52YWxpZCkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKFN0cmluZy5Gb3JtYXQoIkNyZWF0ZUZpbGUoezB9KSBmYWlsZWQiLCBsaW5rUGF0aCkpOyAgICAgICAgICAgIAoKICAgICAgICAgICAgUkVQQVJTRV9EQVRBX0JVRkZFUiBidWZmZXIgPSBuZXcgUkVQQVJTRV9EQVRBX0JVRkZFUigpOwogICAgICAgICAgICBVSW50MzIgYnl0ZXNSZXR1cm5lZDsKICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGlmICghRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUsCiAgICAgICAgICAgICAgICAgICAgRlNDVExfR0VUX1JFUEFSU0VfUE9JTlQsCiAgICAgICAgICAgICAgICAgICAgSW50UHRyLlplcm8sCiAgICAgICAgICAgICAgICAgICAgMCwKICAgICAgICAgICAgICAgICAgICBvdXQgYnVmZmVyLAogICAgICAgICAgICAgICAgICAgIE1BWElNVU1fUkVQQVJTRV9EQVRBX0JVRkZFUl9TSVpFLAogICAgICAgICAgICAgICAgICAgIG91dCBieXRlc1JldHVybmVkLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJEZXZpY2VJb0NvbnRyb2woKSBmYWlsZWQgZm9yIGZpbGUgYXQgezB9IiwgbGlua1BhdGgpKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUuRGlzcG9zZSgpOwogICAgICAgICAgICB9CgogICAgICAgICAgICBib29sIGlzUmVsYXRpdmUgPSBmYWxzZTsKICAgICAgICAgICAgaW50IHBhdGhPZmZzZXQgPSAwOwogICAgICAgICAgICBMaW5rVHlwZSBsaW5rVHlwZTsKICAgICAgICAgICAgaWYgKGJ1ZmZlci5SZXBhcnNlVGFnID09IElPX1JFUEFSU0VfVEFHX1NZTUxJTkspCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFVJbnQzMiBidWZmZXJGbGFncyA9IENvbnZlcnQuVG9VSW50MzIoYnVmZmVyLlBhdGhCdWZmZXJbMF0pICsgQ29udmVydC5Ub1VJbnQzMihidWZmZXIuUGF0aEJ1ZmZlclsxXSk7CiAgICAgICAgICAgICAgICBpZiAoYnVmZmVyRmxhZ3MgPT0gU1lNTElOS19GTEFHX1JFTEFUSVZFKQogICAgICAgICAgICAgICAgICAgIGlzUmVsYXRpdmUgPSB0cnVlOwogICAgICAgICAgICAgICAgcGF0aE9mZnNldCA9IDI7CiAgICAgICAgICAgICAgICBsaW5rVHlwZSA9IExpbmtUeXBlLlN5bWJvbGljTGluazsKICAgICAgICAgICAgfQogICAgICAgICAgICBlbHNlIGlmIChidWZmZXIuUmVwYXJzZVRhZyA9PSBJT19SRVBBUlNFX1RBR19NT1VOVF9QT0lOVCkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgbGlua1R5cGUgPSBMaW5rVHlwZS5KdW5jdGlvblBvaW50OwogICAgICAgICAgICB9CiAgICAgICAgICAgIGVsc2UKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc3RyaW5nIGVycm9yTWVzc2FnZSA9IFN0cmluZy5Gb3JtYXQoIkludmFsaWQgUmVwYXJzZSBUYWc6IHswfSIsIGJ1ZmZlci5SZXBhcnNlVGFnLlRvU3RyaW5nKCkpOwogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEV4Y2VwdGlvbihlcnJvck1lc3NhZ2UpOwogICAgICAgICAgICB9CgogICAgICAgICAgICBzdHJpbmcgcHJpbnROYW1lID0gbmV3IHN0cmluZyhidWZmZXIuUGF0aEJ1ZmZlciwgKGludCkoYnVmZmVyLlByaW50TmFtZU9mZnNldCAvIFNJWkVfT0ZfV0NIQVIpICsgcGF0aE9mZnNldCwgKGludCkoYnVmZmVyLlByaW50TmFtZUxlbmd0aCAvIFNJWkVfT0ZfV0NIQVIpKTsKICAgICAgICAgICAgc3RyaW5nIHN1YnN0aXR1dGVOYW1lID0gbmV3IHN0cmluZyhidWZmZXIuUGF0aEJ1ZmZlciwgKGludCkoYnVmZmVyLlN1YnN0aXR1dGVOYW1lT2Zmc2V0IC8gU0laRV9PRl9XQ0hBUikgKyBwYXRoT2Zmc2V0LCAoaW50KShidWZmZXIuU3Vic3RpdHV0ZU5hbWVMZW5ndGggLyBTSVpFX09GX1dDSEFSKSk7CgogICAgICAgICAgICAvLyBUT0RPOiBzaG91bGQgd2UgY2hlY2sgZm9yIFw/XFVOQ1xzZXJ2ZXIgZm9yIGNvbnZlcnQgaXQgdG8gdGhlIE5UIHN0eWxlIFxcc2VydmVyIHBhdGgKICAgICAgICAgICAgLy8gUmVtb3ZlIHRoZSBsZWFkaW5nIFdpbmRvd3Mgb2JqZWN0IGRpcmVjdG9yeSBcP1wgZnJvbSB0aGUgcGF0aCBpZiBwcmVzZW50CiAgICAgICAgICAgIHN0cmluZyB0YXJnZXRQYXRoID0gc3Vic3RpdHV0ZU5hbWU7CiAgICAgICAgICAgIGlmICh0YXJnZXRQYXRoLlN0YXJ0c1dpdGgoIlxcPz9cXCIpKQogICAgICAgICAgICAgICAgdGFyZ2V0UGF0aCA9IHRhcmdldFBhdGguU3Vic3RyaW5nKDQsIHRhcmdldFBhdGguTGVuZ3RoIC0gNCk7CgogICAgICAgICAgICBzdHJpbmcgYWJzb2x1dGVQYXRoID0gdGFyZ2V0UGF0aDsKICAgICAgICAgICAgaWYgKGlzUmVsYXRpdmUpCiAgICAgICAgICAgICAgICBhYnNvbHV0ZVBhdGggPSBQYXRoLkdldEZ1bGxQYXRoKFBhdGguQ29tYmluZShuZXcgRmlsZUluZm8obGlua1BhdGgpLkRpcmVjdG9yeS5GdWxsTmFtZSwgdGFyZ2V0UGF0aCkpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBMaW5rSW5mbwogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBUeXBlID0gbGlua1R5cGUsCiAgICAgICAgICAgICAgICBQcmludE5hbWUgPSBwcmludE5hbWUsCiAgICAgICAgICAgICAgICBTdWJzdGl0dXRlTmFtZSA9IHN1YnN0aXR1dGVOYW1lLAogICAgICAgICAgICAgICAgQWJzb2x1dGVQYXRoID0gYWJzb2x1dGVQYXRoLAogICAgICAgICAgICAgICAgVGFyZ2V0UGF0aCA9IHRhcmdldFBhdGgKICAgICAgICAgICAgfTsKICAgICAgICB9CgogICAgICAgIHByaXZhdGUgc3RhdGljIHZvaWQgQ3JlYXRlSnVuY3Rpb25Qb2ludChzdHJpbmcgbGlua1BhdGgsIHN0cmluZyBsaW5rVGFyZ2V0KQogICAgICAgIHsKICAgICAgICAgICAgLy8gV2UgbmVlZCB0byBjcmVhdGUgdGhlIGxpbmsgYXMgYSBkaXIgYmVmb3JlaGFuZAogICAgICAgICAgICBEaXJlY3RvcnkuQ3JlYXRlRGlyZWN0b3J5KGxpbmtQYXRoKTsKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgZmlsZUhhbmRsZSA9IENyZWF0ZUZpbGUoCiAgICAgICAgICAgICAgICBsaW5rUGF0aCwKICAgICAgICAgICAgICAgIEZpbGVBY2Nlc3MuV3JpdGUsCiAgICAgICAgICAgICAgICBGaWxlU2hhcmUuUmVhZCB8IEZpbGVTaGFyZS5Xcml0ZSB8IEZpbGVTaGFyZS5Ob25lLAogICAgICAgICAgICAgICAgSW50UHRyLlplcm8sCiAgICAgICAgICAgICAgICBGaWxlTW9kZS5PcGVuLAogICAgICAgICAgICAgICAgRklMRV9GTEFHX0JBQ0tVUF9TRU1BTlRJQ1MgfCBGSUxFX0ZMQUdfT1BFTl9SRVBBUlNFX1BPSU5ULAogICAgICAgICAgICAgICAgSW50UHRyLlplcm8pOwoKICAgICAgICAgICAgaWYgKGZpbGVIYW5kbGUuSXNJbnZhbGlkKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiQ3JlYXRlRmlsZSh7MH0pIGZhaWxlZCIsIGxpbmtQYXRoKSk7CgogICAgICAgICAgICB0cnkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc3RyaW5nIHN1YnN0aXR1dGVOYW1lID0gIlxcPz9cXCIgKyBQYXRoLkdldEZ1bGxQYXRoKGxpbmtUYXJnZXQpOwogICAgICAgICAgICAgICAgc3RyaW5nIHByaW50TmFtZSA9IGxpbmtUYXJnZXQ7CgogICAgICAgICAgICAgICAgUkVQQVJTRV9EQVRBX0JVRkZFUiBidWZmZXIgPSBuZXcgUkVQQVJTRV9EQVRBX0JVRkZFUigpOwogICAgICAgICAgICAgICAgYnVmZmVyLlN1YnN0aXR1dGVOYW1lT2Zmc2V0ID0gMDsKICAgICAgICAgICAgICAgIGJ1ZmZlci5TdWJzdGl0dXRlTmFtZUxlbmd0aCA9IChVSW50MTYpKHN1YnN0aXR1dGVOYW1lLkxlbmd0aCAqIFNJWkVfT0ZfV0NIQVIpOwogICAgICAgICAgICAgICAgYnVmZmVyLlByaW50TmFtZU9mZnNldCA9IChVSW50MTYpKGJ1ZmZlci5TdWJzdGl0dXRlTmFtZUxlbmd0aCArIDIpOwogICAgICAgICAgICAgICAgYnVmZmVyLlByaW50TmFtZUxlbmd0aCA9IChVSW50MTYpKHByaW50TmFtZS5MZW5ndGggKiBTSVpFX09GX1dDSEFSKTsKCiAgICAgICAgICAgICAgICBidWZmZXIuUmVwYXJzZVRhZyA9IElPX1JFUEFSU0VfVEFHX01PVU5UX1BPSU5UOwogICAgICAgICAgICAgICAgYnVmZmVyLlJlcGFyc2VEYXRhTGVuZ3RoID0gKFVJbnQxNikoYnVmZmVyLlN1YnN0aXR1dGVOYW1lTGVuZ3RoICsgYnVmZmVyLlByaW50TmFtZUxlbmd0aCArIDEyKTsKICAgICAgICAgICAgICAgIGJ1ZmZlci5QYXRoQnVmZmVyID0gbmV3IGNoYXJbTUFYSU1VTV9SRVBBUlNFX0RBVEFfQlVGRkVSX1NJWkVdOwoKICAgICAgICAgICAgICAgIGJ5dGVbXSB1bmljb2RlQnl0ZXMgPSBFbmNvZGluZy5Vbmljb2RlLkdldEJ5dGVzKHN1YnN0aXR1dGVOYW1lICsgIlwwIiArIHByaW50TmFtZSk7CiAgICAgICAgICAgICAgICBjaGFyW10gcGF0aEJ1ZmZlciA9IEVuY29kaW5nLlVuaWNvZGUuR2V0Q2hhcnModW5pY29kZUJ5dGVzKTsKICAgICAgICAgICAgICAgIEFycmF5LkNvcHkocGF0aEJ1ZmZlciwgYnVmZmVyLlBhdGhCdWZmZXIsIHBhdGhCdWZmZXIuTGVuZ3RoKTsKCiAgICAgICAgICAgICAgICBVSW50MzIgYnl0ZXNSZXR1cm5lZDsKICAgICAgICAgICAgICAgIGlmICghRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUsCiAgICAgICAgICAgICAgICAgICAgRlNDVExfU0VUX1JFUEFSU0VfUE9JTlQsCiAgICAgICAgICAgICAgICAgICAgYnVmZmVyLAogICAgICAgICAgICAgICAgICAgIChVSW50MzIpKGJ1ZmZlci5SZXBhcnNlRGF0YUxlbmd0aCArIDgpLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLCAwLAogICAgICAgICAgICAgICAgICAgIG91dCBieXRlc1JldHVybmVkLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJEZXZpY2VJb0NvbnRyb2woKSBmYWlsZWQgdG8gY3JlYXRlIGp1bmN0aW9uIHBvaW50IGF0IHswfSB0byB7MX0iLCBsaW5rUGF0aCwgbGlua1RhcmdldCkpOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgZmlsZUhhbmRsZS5EaXNwb3NlKCk7CiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9Cn0KJ0AKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRsaW5rX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAoKICAgIEltcG9ydC1Qcml2aWxlZ2VVdGlsCiAgICAjIGVuYWJsZSB0aGUgU2VCYWNrdXBQcml2aWxlZ2UgaWYgaXQgaXMgZGlzYWJsZWQKICAgICRzdGF0ZSA9IEdldC1BbnNpYmxlUHJpdmlsZWdlIC1OYW1lIFNlQmFja3VwUHJpdmlsZWdlCiAgICBpZiAoJHN0YXRlIC1lcSAkZmFsc2UpIHsKICAgICAgICBTZXQtQW5zaWJsZVByaXZpbGVnZSAtTmFtZSBTZUJhY2t1cFByaXZpbGVnZSAtVmFsdWUgJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUxpbmsoJGxpbmtfcGF0aCkgewogICAgJGxpbmtfaW5mbyA9IFtBbnNpYmxlLkxpbmtVdGlsXTo6R2V0TGlua0luZm8oJGxpbmtfcGF0aCkKICAgIHJldHVybiAkbGlua19pbmZvCn0KCkZ1bmN0aW9uIFJlbW92ZS1MaW5rKCRsaW5rX3BhdGgpIHsKICAgIFtBbnNpYmxlLkxpbmtVdGlsXTo6RGVsZXRlTGluaygkbGlua19wYXRoKQp9CgpGdW5jdGlvbiBOZXctTGluaygkbGlua19wYXRoLCAkbGlua190YXJnZXQsICRsaW5rX3R5cGUpIHsKICAgIGlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGxpbmtfdGFyZ2V0KSkgewogICAgICAgIHRocm93ICJsaW5rX3RhcmdldCAnJGxpbmtfdGFyZ2V0JyBkb2VzIG5vdCBleGlzdCwgY2Fubm90IGNyZWF0ZSBsaW5rIgogICAgfQogICAgCiAgICBzd2l0Y2goJGxpbmtfdHlwZSkgewogICAgICAgICJsaW5rIiB7CiAgICAgICAgICAgICR0eXBlID0gW0Fuc2libGUuTGlua1R5cGVdOjpTeW1ib2xpY0xpbmsKICAgICAgICB9CiAgICAgICAgImp1bmN0aW9uIiB7CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGxpbmtfdGFyZ2V0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgICAgICB0aHJvdyAiY2Fubm90IHNldCB0aGUgdGFyZ2V0IGZvciBhIGp1bmN0aW9uIHBvaW50IHRvIGEgZmlsZSIKICAgICAgICAgICAgfQogICAgICAgICAgICAkdHlwZSA9IFtBbnNpYmxlLkxpbmtUeXBlXTo6SnVuY3Rpb25Qb2ludAogICAgICAgIH0KICAgICAgICAiaGFyZCIgewogICAgICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRsaW5rX3RhcmdldCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgICAgICB0aHJvdyAiY2Fubm90IHNldCB0aGUgdGFyZ2V0IGZvciBhIGhhcmQgbGluayB0byBhIGRpcmVjdG9yeSIKICAgICAgICAgICAgfQogICAgICAgICAgICAkdHlwZSA9IFtBbnNpYmxlLkxpbmtUeXBlXTo6SGFyZExpbmsKICAgICAgICB9CiAgICAgICAgZGVmYXVsdCB7IHRocm93ICJpbnZhbGlkIGxpbmtfdHlwZSBvcHRpb24gJCgkbGlua190eXBlKTogZXhwZWN0aW5nIGxpbmssIGp1bmN0aW9uLCBoYXJkIiB9CiAgICB9CiAgICBbQW5zaWJsZS5MaW5rVXRpbF06OkNyZWF0ZUxpbmsoJGxpbmtfcGF0aCwgJGxpbmtfdGFyZ2V0LCAkdHlwZSkKfQoKIyB0aGlzIGxpbmUgbXVzdCBzdGF5IGF0IHRoZSBib3R0b20gdG8gZW5zdXJlIGFsbCBkZWZpbmVkIG1vZHVsZSBwYXJ0cyBhcmUgZXhwb3J0ZWQKRXhwb3J0LU1vZHVsZU1lbWJlciAtQWxpYXMgKiAtRnVuY3Rpb24gKiAtQ21kbGV0ICoK", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09 ScriptBlock ID: 842566a3-4f9c-4492-a79d-28da112d0d80 Path:	4104	1		3	2	15	0	422	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2108	3524	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:04 PM	ca610e00-1c3c-0004-ca10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 6): ibGVQcml2aWxlZ2UgLU5hbWUgU2VEZWJ1Z1ByaXZpbGVnZQogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKCldCiAgICBwYXJhbSgKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW1N0cmluZ10kTmFtZQogICAgKQoKICAgIGlmICgtbm90IFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkNoZWNrUHJpdmlsZWdlTmFtZSgkTmFtZSkpIHsKICAgICAgICB0aHJvdyBbU3lzdGVtLkFyZ3VtZW50RXhjZXB0aW9uXSAiSW52YWxpZCBwcml2aWxlZ2UgbmFtZSAnJE5hbWUnIgogICAgfQoKICAgICRwcm9jZXNzX3Rva2VuID0gW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0Q3VycmVudFByb2Nlc3MoKQogICAgJHByaXZpbGVnZV9pbmZvID0gW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0QWxsUHJpdmlsZWdlSW5mbygkcHJvY2Vzc190b2tlbikKICAgIGlmICgkcHJpdmlsZWdlX2luZm8uQ29udGFpbnNLZXkoJE5hbWUpKSB7CiAgICAgICAgJHN0YXR1cyA9ICRwcml2aWxlZ2VfaW5mby4kTmFtZQogICAgICAgIHJldHVybiAkc3RhdHVzLkhhc0ZsYWcoW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VBdHRyaWJ1dGVzXTo6RW5hYmxlZCkKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRudWxsCiAgICB9Cn0KCkZ1bmN0aW9uIFNldC1BbnNpYmxlUHJpdmlsZWdlIHsKICAgIDwjCiAgICAuU1lOT1BTSVMKICAgIEVuYWJsZXMvRGlzYWJsZXMgYSBwcml2aWxlZ2Ugb24gdGhlIGN1cnJlbnQgcHJvY2VzcycgdG9rZW4uIElmIGEgcHJpdmlsZWdlCiAgICBoYXMgYmVlbiByZW1vdmVkIGZyb20gdGhlIHByb2Nlc3MgdG9rZW4sIHRoaXMgd2lsbCB0aHJvdyBhbgogICAgSW52YWxpZE9wZXJhdGlvbkV4Y2VwdGlvbi4KCiAgICAuRVhBTVBMRQogICAgIyBlbmFibGUgYSBwcml2aWxlZ2UKICAgIFNldC1BbnNpYmxlUHJpdmlsZWdlIC1OYW1lIFNlQ3JlYXRlU3ltYm9saWNMaW5rUHJpdmlsZWdlIC1WYWx1ZSAkdHJ1ZQoKICAgICMgZGlzYWJsZSBhIHByaXZpbGVnZQogICAgU2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgU2VDcmVhdGVTeW1ib2xpY0xpbmtQcml2aWxlZ2UgLVZhbHVlICRmYWxzZQogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKFN1cHBvcnRzU2hvdWxkUHJvY2VzcyldCiAgICBwYXJhbSgKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW1N0cmluZ10kTmFtZSwKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW2Jvb2xdJFZhbHVlCiAgICApCgogICAgJGFjdGlvbiA9IHN3aXRjaCgkVmFsdWUpIHsKICAgICAgICAkdHJ1ZSB7ICJFbmFibGUiIH0KICAgICAgICAkZmFsc2UgeyAiRGlzYWJsZSIgfQogICAgfQoKICAgICRjdXJyZW50X3N0YXRlID0gR2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgJE5hbWUKICAgIGlmICgkY3VycmVudF9zdGF0ZSAtZXEgJFZhbHVlKSB7CiAgICAgICAgcmV0dXJuICAjIG5vIGNoYW5nZSBuZWVkcyB0byBvY2N1cgogICAgfSBlbHNlaWYgKCRudWxsIC1lcSAkY3VycmVudF9zdGF0ZSkgewogICAgICAgICMgb25jZSBhIHByaXZpbGVnZSBpcyByZW1vdmVkIGZyb20gYSB0b2tlbiB3ZSBjYW5ub3QgZG8gYW55dGhpbmcgd2l0aCBpdAogICAgICAgIHRocm93IFtTeXN0ZW0uSW52YWxpZE9wZXJhdGlvbkV4Y2VwdGlvbl0gIkNhbm5vdCAkKCRhY3Rpb24uVG9Mb3dlcigpKSB0aGUgcHJpdmlsZWdlICckTmFtZScgYXMgaXQgaGFzIGJlZW4gcmVtb3ZlZCBmcm9tIHRoZSB0b2tlbiIKICAgIH0KCiAgICAkcHJvY2Vzc190b2tlbiA9IFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkdldEN1cnJlbnRQcm9jZXNzKCkKICAgIGlmICgkUFNDbWRsZXQuU2hvdWxkUHJvY2VzcygkTmFtZSwgIiRhY3Rpb24gdGhlIHByaXZpbGVnZSAkTmFtZSIpKSB7CiAgICAgICAgJG5ld19zdGF0ZSA9IE5ldy1PYmplY3QgLVR5cGVOYW1lICdTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5EaWN0aW9uYXJ5YDJbW1N5c3RlbS5TdHJpbmddLCBbU3lzdGVtLk51bGxhYmxlYDFbU3lzdGVtLkJvb2xlYW5dXV0nCiAgICAgICAgJG5ld19zdGF0ZS5BZGQoJE5hbWUsICRWYWx1ZSkKICAgICAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpTZXRUb2tlblByaXZpbGVnZXMoJHByb2Nlc3NfdG9rZW4sICRuZXdfc3RhdGUpID4gJG51bGwKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gSW1wb3J0LVByaXZpbGVnZVV0aWwsIEdldC1BbnNpYmxlUHJpdmlsZWdlLCBTZXQtQW5zaWJsZVByaXZpbGVnZSBgCiAgICAtVmFyaWFibGUgYW5zaWJsZV9wcml2aWxlZ2VfdXRpbF9uYW1lc3BhY2VzLCBhbnNpYmxlX3ByaXZpbGVnZV91dGlsX2NvZGU=", "Ansible.ModuleUtils.LinkUtil": "ICMgQ29weXJpZ2h0IChjKSAyMDE3IEFuc2libGUgUHJvamVjdAogIyBTaW1wbGlmaWVkIEJTRCBMaWNlbnNlIChzZWUgbGljZW5zZXMvc2ltcGxpZmllZF9ic2QudHh0IG9yIGh0dHBzOi8vb3BlbnNvdXJjZS5vcmcvbGljZW5zZXMvQlNELTItQ2xhdXNlKQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Qcml2aWxlZ2VVdGlsCgpGdW5jdGlvbiBMb2FkLUxpbmtVdGlscygpIHsKICAgICRsaW5rX3V0aWwgPSBAJwp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWM7CnVzaW5nIFN5c3RlbS5JTzsKdXNpbmcgU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzOwp1c2luZyBTeXN0ZW0uVGV4dDsKCm5hbWVzcGFjZSBBbnNpYmxlCnsKICAgIHB1YmxpYyBlbnVtIExpbmtUeXBlCiAgICB7CiAgICAgICAgU3ltYm9saWNMaW5rLAogICAgICAgIEp1bmN0aW9uUG9pbnQsCiAgICAgICAgSGFyZExpbmsKICAgIH0KCiAgICBwdWJsaWMgY2xhc3MgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbiA6IFN5c3RlbS5Db21wb25lbnRNb2RlbC5XaW4zMkV4Y2VwdGlvbgogICAgewogICAgICAgIHByaXZhdGUgc3RyaW5nIF9tc2c7CgogICAgICAgIHB1YmxpYyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIExpbmtVdGlsV2luMzJFeGNlcHRpb24oaW50IGVycm9yQ29kZSwgc3RyaW5nIG1lc3NhZ2UpIDogYmFzZShlcnJvckNvZGUpCiAgICAgICAgewogICAgICAgICAgICBfbXNnID0gU3RyaW5nLkZvcm1hdCgiezB9ICh7MX0sIFdpbjMyRXJyb3JDb2RlIHsyfSkiLCBtZXNzYWdlLCBiYXNlLk1lc3NhZ2UsIGVycm9yQ29kZSk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgb3ZlcnJpZGUgc3RyaW5nIE1lc3NhZ2UgeyBnZXQgeyByZXR1cm4gX21zZzsgfSB9CiAgICAgICAgcHVibGljIHN0YXRpYyBleHBsaWNpdCBvcGVyYXRvciBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSB7IHJldHVybiBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBMaW5rSW5mbwogICAgewogICAgICAgIHB1YmxpYyBMaW5rVHlwZSBUeXBlIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICBwdWJsaWMgc3RyaW5nIFByaW50TmFtZSB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZyBTdWJzdGl0dXRlTmFtZSB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZyBBYnNvbHV0ZVBhdGggeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIHB1YmxpYyBzdHJpbmcgVGFyZ2V0UGF0aCB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZ1tdIEhhcmRUYXJnZXRzIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgIH0KCiAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICBwdWJsaWMgc3RydWN0IFJFUEFSU0VfREFUQV9CVUZGRVIKICAgIHsKICAgICAgICBwdWJsaWMgVUludDMyIFJlcGFyc2VUYWc7CiAgICAgICAgcHVibGljIFVJbnQxNiBSZXBhcnNlRGF0YUxlbmd0aDsKICAgICAgICBwdWJsaWMgVUludDE2IFJlc2VydmVkOwogICAgICAgIHB1YmxpYyBVSW50MTYgU3Vic3RpdHV0ZU5hbWVPZmZzZXQ7CiAgICAgICAgcHVibGljIFVJbnQxNiBTdWJzdGl0dXRlTmFtZUxlbmd0aDsKICAgICAgICBwdWJsaWMgVUludDE2IFByaW50TmFtZU9mZnNldDsKICAgICAgICBwdWJsaWMgVUludDE2IFByaW50TmFtZUxlbmd0aDsKCiAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkJ5VmFsQXJyYXksIFNpemVDb25zdCA9IExpbmtVdGlsLk1BWElNVU1fUkVQQVJTRV9EQVRBX0JVRkZFUl9TSVpFKV0KICAgICAgICBwdWJsaWMgY2hhcltdIFBhdGhCdWZmZXI7CiAgICB9CgogICAgcHVibGljIGNsYXNzIExpbmtVdGlsCiAgICB7CiAgICAgICAgcHVibGljIGNvbnN0IGludCBNQVhJTVVNX1JFUEFSU0VfREFUQV9CVUZGRVJfU0laRSA9IDEwMjQgKiAxNjsKCiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgRklMRV9GTEFHX0JBQ0tVUF9TRU1BTlRJQ1MgPSAweDAyMDAwMDAwOwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIEZJTEVfRkxBR19PUEVOX1JFUEFSU0VfUE9JTlQgPSAweDAwMjAwMDAwOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBGU0NUTF9HRVRfUkVQQVJTRV9QT0lOVCA9IDB4MDAwOTAwQTg7CiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgRlNDVExfU0VUX1JFUEFSU0VfUE9JTlQgPSAweDAwMDkwMEE0OwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIEZJTEVfREVWSUNFX0ZJTEVfU1lTVEVNID0gMHgwMDA5MDAwMDsKCiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgSU9fUkVQQVJTRV9UQUdfTU9VTlRfUE9JTlQgPSAweEEwMDAwMDAzOwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIElPX1JFUEFSU0VfVEFHX1NZTUxJTksgPSAweEEwMDAwMDBDOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBTWU1MSU5LX0ZMQUdfUkVMQVRJVkUgPSAweDAwMDAwMDAxOwoKICAgICAgICBwcml2YXRlIGNvbnN0IEludDY0IElOVkFMSURfSEFORExFX1ZBTFVFID0gLTE7CgogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIFNJWkVfT0ZfV0NIQVIgPSAyOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBTWU1CT0xJQ19MSU5LX0ZMQUdfRklMRSA9IDB4MDAwMDAwMDA7CiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgU1lNQk9MSUNfTElOS19GTEFHX0RJUkVDVE9SWSA9IDB4MDAwMDAwMDE7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBTYWZlRmlsZUhhbmRsZSBDcmVhdGVGaWxlKAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLlU0KV0gRmlsZUFjY2VzcyBkd0Rlc2lyZWRBY2Nlc3MsCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5VNCldIEZpbGVTaGFyZSBkd1NoYXJlTW9kZSwKICAgICAgICAgICAgSW50UHRyIGxwU2VjdXJpdHlBdHRyaWJ1dGVzLAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuVTQpXSBGaWxlTW9kZSBkd0NyZWF0aW9uRGlzcG9zaXRpb24sCiAgICAgICAgICAgIFVJbnQzMiBkd0ZsYWdzQW5kQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGhUZW1wbGF0ZUZpbGUpOwoKICAgICAgICAvLyBVc2VkIGJ5IEdldFJlcGFyc2VQb2ludEluZm8oKQogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIERldmljZUlvQ29udHJvbCgKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaERldmljZSwKICAgICAgICAgICAgVUludDMyIGR3SW9Db250cm9sQ29kZSwKICAgICAgICAgICAgSW50UHRyIGxwSW5CdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuSW5CdWZmZXJTaXplLAogICAgICAgICAgICBvdXQgUkVQQVJTRV9EQVRBX0JVRkZFUiBscE91dEJ1ZmZlciwKICAgICAgICAgICAgVUludDMyIG5PdXRCdWZmZXJTaXplLAogICAgICAgICAgICBvdXQgVUludDMyIGxwQnl0ZXNSZXR1cm5lZCwKICAgICAgICAgICAgSW50UHRyIGxwT3ZlcmxhcHBlZCk7CgogICAgICAgIC8vIFVzZWQgYnkgQ3JlYXRlSnVuY3Rpb25Qb2ludCgpCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIGJvb2wgRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICBTYWZlRmlsZUhhbmRsZSBoRGV2aWNlLAogICAgICAgICAgICBVSW50MzIgZHdJb0NvbnRyb2xDb2RlLAogICAgICAgICAgICBSRVBBUlNFX0RBVEFfQlVGRkVSIGxwSW5CdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuSW5CdWZmZXJTaXplLAogICAgICAgICAgICBJbnRQdHIgbHBPdXRCdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuT3V0QnVmZmVyU2l6ZSwKICAgICAgICAgICAgb3V0IFVJbnQzMiBscEJ5dGVzUmV0dXJuZWQsCiAgICAgICAgICAgIEludFB0ciBscE92ZXJsYXBwZWQpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBHZXRWb2x1bWVQYXRoTmFtZSgKICAgICAgICAgICAgc3RyaW5nIGxwc3pGaWxlTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscHN6Vm9sdW1lUGF0aE5hbWUsCiAgICAgICAgICAgIHJlZiBVSW50MzIgY2NoQnVmZmVyTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIEludFB0ciBGaW5kRmlyc3RGaWxlTmFtZVcoCiAgICAgICAgICAgIHN0cmluZyBscEZpbGVOYW1lLAogICAgICAgICAgICBVSW50MzIgZHdGbGFncywKICAgICAgICAgICAgcmVmIFVJbnQzMiBTdHJpbmdMZW5ndGgsCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgTGlua05hbWUpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBGaW5kTmV4dEZpbGVOYW1lVygKICAgICAgICAgICAgSW50UHRyIGhGaW5kU3RyZWFtLAogICAgICAgICAgICByZWYgVUludDMyIFN0cmluZ0xlbmd0aCwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBMaW5rTmFtZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEZpbmRDbG9zZSgKICAgICAgICAgICAgSW50UHRyIGhGaW5kRmlsZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIFJlbW92ZURpcmVjdG9yeSgKICAgICAgICAgICAgc3RyaW5nIGxwUGF0aE5hbWUpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBEZWxldGVGaWxlKAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIENyZWF0ZVN5bWJvbGljTGluaygKICAgICAgICAgICAgc3RyaW5nIGxwU3ltbGlua0ZpbGVOYW1lLAogICAgICAgICAgICBzdHJpbmcgbHBUYXJnZXRGaWxlTmFtZSwKICAgICAgICAgICAgVUludDMyIGR3RmxhZ3MpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVIYXJkTGluaygKICAgICAgICAgICAgc3RyaW5nIGxwRmlsZU5hbWUsCiAgICAgICAgICAgIHN0cmluZyBscEV4aXN0aW5nRmlsZU5hbWUsCiAgICAgICAgICAgIEludFB0ciBscFNlY3VyaXR5QXR0cmlidXRlcyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgTGlua0luZm8gR2V0TGlua0luZm8oc3RyaW5nIGxpbmtQYXRoKQogICAgICAgIHsKICAgICAgICAgICAgRmlsZUF0dHJpYnV0ZXMgYXR0ciA9IEZpbGUuR2V0QXR0cmlidXRlcyhsaW5rUGF0aCk7CiAgICAgICAgICAgIGlmIChhdHRyLkhhc0ZsYWcoRmlsZUF0dHJpYnV0ZXMuUmVwYXJzZVBvaW50KSkKICAgICAgICAgICAgICAgIHJldHVybiBHZXRSZXBhcnNlUG9pbnRJbmZvKGxpbmtQYXRoKTsKCiAgICAgICAgICAgIGlmICghYXR0ci5IYXNGbGFnKEZpbGVBdHRyaWJ1dGVzLkRpcmVjdG9yeSkpCiAgICAgICAgICAgICAgICByZXR1cm4gR2V0SGFyZExpbmtJbmZvKGxpbmtQYXRoKTsKCiAgICAgICAgICAgIHJldHVybiBudWxsOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyB2b2lkIERlbGV0ZUxpbmsoc3RyaW5nIGxpbmtQYXRoKQogICAgICAgIHsKICAgICAgICAgICAgYm9vbCBzdWNjZXNzOwogICAgICAgICAgICBGaWxlQXR0cmlidXRlcyBhdHRyID0gRmlsZS5HZXRBdHRyaWJ1dGVzKGxpbmtQYXRoKTsKICAgICAgICAgICAgaWYgKGF0dHIuSGFzRmxhZyhGaWxlQXR0cmlidXRlcy5EaXJlY3RvcnkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzdWNjZXNzID0gUmVtb3ZlRGlyZWN0b3J5KGxpbmtQYXRoKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBlbHNlCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIHN1Y2Nlc3MgPSBEZWxldGVGaWxlKGxpbmtQYXRoKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgaWYgKCFzdWNjZXNzKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiRmFpbGVkIHRvIGRlbGV0ZSBsaW5rIGF0IHswfSIsIGxpbmtQYXRoKSk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgQ3JlYXRlTGluayhzdHJpbmcgbGlua1BhdGgsIFN0cmluZyBsaW5rVGFyZ2V0LCBMaW5rVHlwZSBsaW5rVHlwZSkKICAgICAgICB7CiAgICAgICAgICAgIHN3aXRjaCAobGlua1R5cGUpCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGNhc2UgTGlua1R5cGUuU3ltYm9saWNMaW5rOgogICAgICAgICAgICAgICAgICAgIFVJbnQzMiBsaW5rRmxhZ3M7CiAgICAgICAgICAgICAgICAgICAgRmlsZUF0dHJpYnV0ZXMgYXR0ciA9IEZpbGUuR2V0QXR0cmlidXRlcyhsaW5rVGFyZ2V0KTsKICAgICAgICAgICAgICAgICAgICBpZiAoYXR0ci5IYXNGbGFnKEZpbGVBdHRyaWJ1dGVzLkRpcmVjdG9yeSkpCiAgICAgICAgICAgICAgICAgICAgICAgIGxpbmtGbGFncyA9IFNZTUJPTElDX0xJTktfRkxBR19ESVJFQ1RPUlk7CiAgICAgICAgICAgICAgICAgICAgZWxzZQogICAgICAgICAgICAgICAgICAgICAgICBsaW5rRmxhZ3MgPSBTWU1CT0xJQ19MSU5LX0ZMQUdfRklMRTsKCiAgICAgICAgICAgICAgICAgICAgaWYgKCFDcmVhdGVTeW1ib2xpY0xpbmsobGlua1BhdGgsIGxpbmtUYXJnZXQsIGxpbmtGbGFncykpCiAgICAgICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKFN0cmluZy5Gb3JtYXQoIkNyZWF0ZVN5bWJvbGljTGluayh7MH0sIHsxfSwgezJ9KSBmYWlsZWQiLCBsaW5rUGF0aCwgbGlua1RhcmdldCwgbGlua0ZsYWdzKSk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICBjYXNlIExpbmtUeXBlLkp1bmN0aW9uUG9pbnQ6CiAgICAgICAgICAgICAgICAgICAgQ3JlYXRlSnVuY3Rpb25Qb2ludChsaW5rUGF0aCwgbGlua1RhcmdldCk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICBjYXNlIExpbmtUeXBlLkhhcmRMaW5rOgogICAgICAgICAgICAgICAgICAgIGlmICghQ3JlYXRlSGFyZExpbmsobGlua1BhdGgsIGxpbmtUYXJnZXQsIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiQ3JlYXRlSGFyZExpbmsoezB9LCB7MX0pIGZhaWxlZCIsIGxpbmtQYXRoLCBsaW5rVGFyZ2V0KSk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgIH0KICAgICAgICB9CgogICAgICAgIHByaXZhdGUgc3RhdGljIExpbmtJbmZvIEdldEhhcmRMaW5rSW5mbyhzdHJpbmcgbGlua1BhdGgpCiAgICAgICAgewogIC ScriptBlock ID: 842566a3-4f9c-4492-a79d-28da112d0d80 Path:	4104	1		3	2	15	0	421	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2108	3524	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:04 PM	ca610e00-1c3c-0004-ca10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 6): ICAgICBmb3JlYWNoIChLZXlWYWx1ZVBhaXI8c3RyaW5nLCBib29sPz4gZW50cnkgaW4gc3RhdGUpCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuTFVJRCBsdWlkOwogICAgICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkxvb2t1cFByaXZpbGVnZVZhbHVlKG51bGwsIGVudHJ5LktleSwgb3V0IGx1aWQpKQogICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJMb29rdXBQcml2aWxlZ2VWYWx1ZSh7MH0pIGZhaWxlZCIsIGVudHJ5LktleSkpOwoKICAgICAgICAgICAgICAgIFByaXZpbGVnZUF0dHJpYnV0ZXMgYXR0cmlidXRlczsKICAgICAgICAgICAgICAgIHN3aXRjaCAoZW50cnkuVmFsdWUpCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgY2FzZSB0cnVlOgogICAgICAgICAgICAgICAgICAgICAgICBhdHRyaWJ1dGVzID0gUHJpdmlsZWdlQXR0cmlidXRlcy5FbmFibGVkOwogICAgICAgICAgICAgICAgICAgICAgICBicmVhazsKICAgICAgICAgICAgICAgICAgICBjYXNlIGZhbHNlOgogICAgICAgICAgICAgICAgICAgICAgICBhdHRyaWJ1dGVzID0gUHJpdmlsZWdlQXR0cmlidXRlcy5EaXNhYmxlZDsKICAgICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICAgICAgZGVmYXVsdDoKICAgICAgICAgICAgICAgICAgICAgICAgYXR0cmlidXRlcyA9IFByaXZpbGVnZUF0dHJpYnV0ZXMuUmVtb3ZlZDsKICAgICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgcHJpdmlsZWdlQXR0cltpXS5MdWlkID0gbHVpZDsKICAgICAgICAgICAgICAgIHByaXZpbGVnZUF0dHJbaV0uQXR0cmlidXRlcyA9IGF0dHJpYnV0ZXM7CiAgICAgICAgICAgICAgICBpKys7CiAgICAgICAgICAgIH0KCiAgICAgICAgICAgIHJldHVybiBBZGp1c3RUb2tlblByaXZpbGVnZXModG9rZW4sIHByaXZpbGVnZUF0dHIpOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PiBBZGp1c3RUb2tlblByaXZpbGVnZXMoU2FmZUhhbmRsZSB0b2tlbiwgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gbmV3U3RhdGUpCiAgICAgICAgewogICAgICAgICAgICBib29sIGRpc2FibGVBbGxQcml2aWxlZ2VzOwogICAgICAgICAgICBJbnRQdHIgbmV3U3RhdGVQdHI7CiAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuTFVJRF9BTkRfQVRUUklCVVRFU1tdIG9sZFN0YXRlUHJpdmlsZWdlczsKICAgICAgICAgICAgVUludDMyIHJldHVybkxlbmd0aDsKCiAgICAgICAgICAgIGlmIChuZXdTdGF0ZSA9PSBudWxsKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBkaXNhYmxlQWxsUHJpdmlsZWdlcyA9IHRydWU7CiAgICAgICAgICAgICAgICBuZXdTdGF0ZVB0ciA9IEludFB0ci5aZXJvOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGVsc2UKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgZGlzYWJsZUFsbFByaXZpbGVnZXMgPSBmYWxzZTsKCiAgICAgICAgICAgICAgICAvLyBOZWVkIHRvIG1hbnVhbGx5IG1hcnNoYWwgdGhlIGJ5dGVzIHJlcXVpcmVzIGZvciBuZXdTdGF0ZSBhcyB0aGUgY29uc3RhbnQgc2l6ZQogICAgICAgICAgICAgICAgLy8gb2YgTFVJRF9BTkRfQVRUUklCVVRFUyBpcyBzZXQgdG8gMSBhbmQgY2FuJ3QgYmUgb3ZlcnJpZGRlbiBhdCBydW50aW1lLCBUT0tFTl9QUklWSUxFR0VTCiAgICAgICAgICAgICAgICAvLyBhbHdheXMgY29udGFpbnMgYXQgbGVhc3QgMSBlbnRyeSBzbyB3ZSBuZWVkIHRvIGNhbGN1bGF0ZSB0aGUgZXh0cmEgc2l6ZSBpZiB0aGVyZSBhcmUKICAgICAgICAgICAgICAgIC8vIG5vcmUgdGhhbiAxIExVSURfQU5EX0FUVFJJQlVURVMgZW50cnkKICAgICAgICAgICAgICAgIGludCB0b2tlblByaXZpbGVnZXNTaXplID0gTWFyc2hhbC5TaXplT2YodHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgaW50IGx1aWRBdHRyU2l6ZSA9IDA7CiAgICAgICAgICAgICAgICBpZiAobmV3U3RhdGUuTGVuZ3RoID4gMSkKICAgICAgICAgICAgICAgICAgICBsdWlkQXR0clNpemUgPSBNYXJzaGFsLlNpemVPZih0eXBlb2YoTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTKSkgKiAobmV3U3RhdGUuTGVuZ3RoIC0gMSk7CiAgICAgICAgICAgICAgICBpbnQgdG90YWxTaXplID0gdG9rZW5Qcml2aWxlZ2VzU2l6ZSArIGx1aWRBdHRyU2l6ZTsKICAgICAgICAgICAgICAgIGJ5dGVbXSBuZXdTdGF0ZUJ5dGVzID0gbmV3IGJ5dGVbdG90YWxTaXplXTsKCiAgICAgICAgICAgICAgICAvLyBnZXQgdGhlIGZpcnN0IGVudHJ5IHRoYXQgaW5jbHVkZXMgdGhlIHN0cnVjdCBkZXRhaWxzCiAgICAgICAgICAgICAgICBOYXRpdmVIZWxwZXJzLlRPS0VOX1BSSVZJTEVHRVMgdG9rZW5Qcml2aWxlZ2VzID0gbmV3IE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUygpCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgUHJpdmlsZWdlQ291bnQgPSAoVUludDMyKW5ld1N0YXRlLkxlbmd0aCwKICAgICAgICAgICAgICAgICAgICBQcml2aWxlZ2VzID0gbmV3IE5hdGl2ZUhlbHBlcnMuTFVJRF9BTkRfQVRUUklCVVRFU1sxXSwKICAgICAgICAgICAgICAgIH07CiAgICAgICAgICAgICAgICBpZiAobmV3U3RhdGUuTGVuZ3RoID4gMCkKICAgICAgICAgICAgICAgICAgICB0b2tlblByaXZpbGVnZXMuUHJpdmlsZWdlc1swXSA9IG5ld1N0YXRlWzBdOwogICAgICAgICAgICAgICAgaW50IG9mZnNldCA9IFN0cnVjdHVyZVRvQnl0ZXModG9rZW5Qcml2aWxlZ2VzLCBuZXdTdGF0ZUJ5dGVzLCAwKTsKCiAgICAgICAgICAgICAgICAvLyBjb3B5IHRoZSByZW1haW5pbmcgTFVJRF9BTkRfQVRUUklCVVRFUyAoaWYgYW55KQogICAgICAgICAgICAgICAgZm9yIChpbnQgaSA9IDE7IGkgPCBuZXdTdGF0ZS5MZW5ndGg7IGkrKykKICAgICAgICAgICAgICAgICAgICBvZmZzZXQgKz0gU3RydWN0dXJlVG9CeXRlcyhuZXdTdGF0ZVtpXSwgbmV3U3RhdGVCeXRlcywgb2Zmc2V0KTsKCiAgICAgICAgICAgICAgICAvLyBmaW5hbGx5IGNyZWF0ZSB0aGUgcG9pbnRlciB0byB0aGUgYnl0ZSBhcnJheSB3ZSBqdXN0IGNyZWF0ZWQKICAgICAgICAgICAgICAgIG5ld1N0YXRlUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwobmV3U3RhdGVCeXRlcy5MZW5ndGgpOwogICAgICAgICAgICAgICAgTWFyc2hhbC5Db3B5KG5ld1N0YXRlQnl0ZXMsIDAsIG5ld1N0YXRlUHRyLCBuZXdTdGF0ZUJ5dGVzLkxlbmd0aCk7CiAgICAgICAgICAgIH0KCiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBJbnRQdHIgaFRva2VuID0gSW50UHRyLlplcm87CiAgICAgICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuT3BlblByb2Nlc3NUb2tlbih0b2tlbiwgVG9rZW5BY2Nlc3NMZXZlbHMuUXVlcnkgfCBUb2tlbkFjY2Vzc0xldmVscy5BZGp1c3RQcml2aWxlZ2VzLCBvdXQgaFRva2VuKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIk9wZW5Qcm9jZXNzVG9rZW4oKSBmYWlsZWQgd2l0aCBRdWVyeSBhbmQgQWRqdXN0UHJpdmlsZWdlcyIpOwogICAgICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgSW50UHRyIG9sZFN0YXRlUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoMCk7CiAgICAgICAgICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkFkanVzdFRva2VuUHJpdmlsZWdlcyhoVG9rZW4sIGRpc2FibGVBbGxQcml2aWxlZ2VzLCBuZXdTdGF0ZVB0ciwgMCwgb2xkU3RhdGVQdHIsIG91dCByZXR1cm5MZW5ndGgpKQogICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIGlmIChlcnJDb2RlICE9IDEyMikgLy8gRVJST1JfSU5TVUZGSUNJRU5UX0JVRkZFUgogICAgICAgICAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKGVyckNvZGUsICJBZGp1c3RUb2tlblByaXZpbGVnZXMoKSBmYWlsZWQgdG8gZ2V0IG9sZCBzdGF0ZSBzaXplIik7CiAgICAgICAgICAgICAgICAgICAgfQoKICAgICAgICAgICAgICAgICAgICAvLyByZXNpemUgdGhlIG9sZFN0YXRlUHRyIGJhc2VkIG9uIHRoZSBsZW5ndGggcmV0dXJuZWQgZnJvbSBXaW5kb3dzCiAgICAgICAgICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChvbGRTdGF0ZVB0cik7CiAgICAgICAgICAgICAgICAgICAgb2xkU3RhdGVQdHIgPSBNYXJzaGFsLkFsbG9jSEdsb2JhbCgoaW50KXJldHVybkxlbmd0aCk7CiAgICAgICAgICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICBib29sIHJlcyA9IE5hdGl2ZU1ldGhvZHMuQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKGhUb2tlbiwgZGlzYWJsZUFsbFByaXZpbGVnZXMsIG5ld1N0YXRlUHRyLCByZXR1cm5MZW5ndGgsIG9sZFN0YXRlUHRyLCBvdXQgcmV0dXJuTGVuZ3RoKTsKICAgICAgICAgICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CgogICAgICAgICAgICAgICAgICAgICAgICAvLyBldmVuIHdoZW4gcmVzID09IHRydWUsIEVSUk9SX05PVF9BTExfQVNTSUdORUQgbWF5IGJlIHNldCBhcyB0aGUgbGFzdCBlcnJvciBjb2RlCiAgICAgICAgICAgICAgICAgICAgICAgIGlmICghcmVzIHx8IGVyckNvZGUgIT0gMCkKICAgICAgICAgICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbihlcnJDb2RlLCAiQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKCkgZmFpbGVkIik7CgogICAgICAgICAgICAgICAgICAgICAgICAvLyBNYXJzaGFsIHRoZSBvbGRTdGF0ZVB0ciB0byB0aGUgc3RydWN0CiAgICAgICAgICAgICAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUyBvbGRTdGF0ZSA9IChOYXRpdmVIZWxwZXJzLlRPS0VOX1BSSVZJTEVHRVMpTWFyc2hhbC5QdHJUb1N0cnVjdHVyZShvbGRTdGF0ZVB0ciwgdHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgICAgICAgICBvbGRTdGF0ZVByaXZpbGVnZXMgPSBuZXcgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW29sZFN0YXRlLlByaXZpbGVnZUNvdW50XTsKICAgICAgICAgICAgICAgICAgICAgICAgUHRyVG9TdHJ1Y3R1cmVBcnJheShvbGRTdGF0ZVByaXZpbGVnZXMsIEludFB0ci5BZGQob2xkU3RhdGVQdHIsIE1hcnNoYWwuU2l6ZU9mKG9sZFN0YXRlLlByaXZpbGVnZUNvdW50KSkpOwogICAgICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICBNYXJzaGFsLkZyZWVIR2xvYmFsKG9sZFN0YXRlUHRyKTsKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5DbG9zZUhhbmRsZShoVG9rZW4pOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgaWYgKG5ld1N0YXRlUHRyICE9IEludFB0ci5aZXJvKQogICAgICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwobmV3U3RhdGVQdHIpOwogICAgICAgICAgICB9CgogICAgICAgICAgICByZXR1cm4gb2xkU3RhdGVQcml2aWxlZ2VzLlRvRGljdGlvbmFyeShwID0+IEdldFByaXZpbGVnZU5hbWUocC5MdWlkKSwgcCA9PiAoYm9vbD8pcC5BdHRyaWJ1dGVzLkhhc0ZsYWcoUHJpdmlsZWdlQXR0cmlidXRlcy5FbmFibGVkKSk7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBzdHJpbmcgR2V0UHJpdmlsZWdlTmFtZShOYXRpdmVIZWxwZXJzLkxVSUQgbHVpZCkKICAgICAgICB7CiAgICAgICAgICAgIFVJbnQzMiBuYW1lTGVuID0gMDsKICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5Mb29rdXBQcml2aWxlZ2VOYW1lKG51bGwsIHJlZiBsdWlkLCBudWxsLCByZWYgbmFtZUxlbik7CgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIG5hbWUgPSBuZXcgU3RyaW5nQnVpbGRlcigoaW50KShuYW1lTGVuICsgMSkpOwogICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuTG9va3VwUHJpdmlsZWdlTmFtZShudWxsLCByZWYgbHVpZCwgbmFtZSwgcmVmIG5hbWVMZW4pKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJMb29rdXBQcml2aWxlZ2VOYW1lKCkgZmFpbGVkIik7CgogICAgICAgICAgICByZXR1cm4gbmFtZS5Ub1N0cmluZygpOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBQdHJUb1N0cnVjdHVyZUFycmF5PFQ+KFRbXSBhcnJheSwgSW50UHRyIHB0cikKICAgICAgICB7CiAgICAgICAgICAgIEludFB0ciBwdHJPZmZzZXQgPSBwdHI7CiAgICAgICAgICAgIGZvciAoaW50IGkgPSAwOyBpIDwgYXJyYXkuTGVuZ3RoOyBpKyssIHB0ck9mZnNldCA9IEludFB0ci5BZGQocHRyT2Zmc2V0LCBNYXJzaGFsLlNpemVPZih0eXBlb2YoVCkpKSkKICAgICAgICAgICAgICAgIGFycmF5W2ldID0gKFQpTWFyc2hhbC5QdHJUb1N0cnVjdHVyZShwdHJPZmZzZXQsIHR5cGVvZihUKSk7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBpbnQgU3RydWN0dXJlVG9CeXRlczxUPihUIHN0cnVjdHVyZSwgYnl0ZVtdIGFycmF5LCBpbnQgb2Zmc2V0KQogICAgICAgIHsKICAgICAgICAgICAgaW50IHNpemUgPSBNYXJzaGFsLlNpemVPZihzdHJ1Y3R1cmUpOwogICAgICAgICAgICBJbnRQdHIgc3RydWN0UHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoc2l6ZSk7CiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBNYXJzaGFsLlN0cnVjdHVyZVRvUHRyKHN0cnVjdHVyZSwgc3RydWN0UHRyLCBmYWxzZSk7CiAgICAgICAgICAgICAgICBNYXJzaGFsLkNvcHkoc3RydWN0UHRyLCBhcnJheSwgb2Zmc2V0LCBzaXplKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwoc3RydWN0UHRyKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgcmV0dXJuIHNpemU7CiAgICAgICAgfQogICAgfQp9CidACgpGdW5jdGlvbiBJbXBvcnQtUHJpdmlsZWdlVXRpbCB7CiAgICA8IwogICAgLlNZTk9QU0lTCiAgICBDb21waWxlcyB0aGUgQyMgY29kZSB0aGF0IGNhbiBiZSB1c2VkIHRvIG1hbmFnZSBXaW5kb3dzIHByaXZpbGVnZXMgZnJvbSBhbgogICAgQW5zaWJsZSBtb2R1bGUuIE9uY2UgdGhpcyBmdW5jdGlvbiBpcyBjYWxsZWQsIHRoZSBmb2xsb3dpbmcgUG93ZXJTaGVsbAogICAgY21kbGV0cyBjYW4gYmUgdXNlZDsKCiAgICAgICAgR2V0LUFuc2libGVQcml2aWxlZ2UKICAgICAgICBTZXQtQW5zaWJsZVByaXZpbGVnZQoKICAgIFRoZSBhYm92ZSBjbWRsZXRzIGdpdmUgdGhlIGFiaWxpdHkgdG8gbWFuYWdlIHBlcm1pc3Npb25zIG9uIHRoZSBjdXJyZW50CiAgICBwcm9jZXNzIHRva2VuIGJ1dCB0aGUgdW5kZXJseWluZyAuTkVUIGNsYXNzZXMgYXJlIGFsc28gZXhwb3NlZCBmb3IgZ3JlYXRlcgogICAgY29udHJvbC4gVGhlIGZvbGxvd2luZyBmdW5jdGlvbnMgY2FuIGJlIHVzZWQgYnkgY2FsbGluZyB0aGUgLk5FVCBjbGFzcwoKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkNoZWNrUHJpdmlsZWdlTmFtZSgkbmFtZSkKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkRpc2FibGVQcml2aWxlZ2UoJHByb2Nlc3MsICRuYW1lKQogICAgW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6RGlzYWJsZUFsbFByaXZpbGVnZXMoJHByb2Nlc3MpCiAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpFbmFibGVQcml2aWxlZ2UoJHByb2Nlc3MsICRuYW1lKQogICAgW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0QWxsUHJpdmlsZWdlSW5mbygkcHJvY2VzcykKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OlJlbW92ZVByaXZpbGVnZSgkcHJvY2VzcywgJG5hbWUpCiAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpTZXRUb2tlblByaXZpbGVnZXMoJHByb2Nlc3MsICRuZXdfc3RhdGUpCgogICAgSGVyZSBpcyBhIGJyaWVmIGV4cGxhbmF0aW9uIG9mIGVhY2ggdHlwZSBvZiBhcmcKICAgICRwcm9jZXNzID0gVGhlIHByb2Nlc3MgaGFuZGxlIHRvIG1hbmlwdWxhdGUsIHVzZSAnW0Fuc2libGUuUHJpdmlsZWdlVXRpbHMuUHJpdmlsZWdlc106OkdldEN1cnJlbnRQcm9jZXNzKCknIHRvIGdldCB0aGUgY3VycmVudCBwcm9jZXNzIGhhbmRsZQogICAgJG5hbWUgPSBUaGUgbmFtZSBvZiB0aGUgcHJpdmlsZWdlLCB0aGlzIGlzIHRoZSBjb25zdGFudCB2YWx1ZSBmcm9tIGh0dHBzOi8vZG9jcy5taWNyb3NvZnQuY29tL2VuLXVzL3dpbmRvd3MvZGVza3RvcC9TZWNBdXRoWi9wcml2aWxlZ2UtY29uc3RhbnRzLCBlLmcuIFNlQXVkaXRQcml2aWxlZ2UKICAgICRuZXdfc3RhdGUgPSAnU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuRGljdGlvbmFyeWAyW1tTeXN0ZW0uU3RyaW5nXSwgW1N5c3RlbS5OdWxsYWJsZWAxW1N5c3RlbS5Cb29sZWFuXV1dJwogICAgICAgIFRoZSBrZXkgaXMgdGhlIGNvbnN0YW50IG5hbWUgYXMgYSBzdHJpbmcsIHRoZSB2YWx1ZSBpcyBhIHRlcm5hcnkgYm9vbGVhbiB3aGVyZQogICAgICAgICAgICB0cnVlIC0gd2lsbCBlbmFibGUgdGhlIHByaXZpbGVnZQogICAgICAgICAgICBmYWxzZSAtIHdpbGwgZGlzYWJsZSB0aGUgcHJpdmlsZWdlCiAgICAgICAgICAgIG51bGwgLSB3aWxsIHJlbW92ZSB0aGUgcHJpdmlsZWdlCgogICAgRWFjaCBtZXRob2QgdGhhdCBjaGFuZ2VzIHRoZSBwcml2aWxlZ2Ugc3RhdGUgd2lsbCByZXR1cm4gYSBkaWN0aW9uYXJ5IHRoYXQKICAgIGNhbiBiZSB1c2VkIGFzIHRoZSAkbmV3X3N0YXRlIGFyZyBvZiBTZXRUb2tlblByaXZpbGVnZXMgdG8gdW5kbyBhbmQgcmV2ZXJ0CiAgICBiYWNrIHRvIHRoZSBvcmlnaW5hbCBzdGF0ZS4gSWYgeW91IHJlbW92ZSBhIHByaXZpbGVnZSB0aGVuIHRoaXMgaXMKICAgIGlycmV2ZXJzaWJsZSBhbmQgd29uJ3QgYmUgcGFydCBvZiB0aGUgcmV0dXJuZWQgZGljdAogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKCldCiAgICAjIGJ1aWxkIHRoZSBDIyBjb2RlIHRvIGNvbXBpbGUKICAgICRuYW1lc3BhY2VfaW1wb3J0ID0gKCRhbnNpYmxlX3ByaXZpbGVnZV91dGlsX25hbWVzcGFjZXMgfCBGb3JFYWNoLU9iamVjdCB7ICJ1c2luZyAkXzsiIH0pIC1qb2luICJgcmBuIgogICAgJHBsYXRmb3JtX3V0aWwgPSAiJG5hbWVzcGFjZV9pbXBvcnRgcmBuYHJgbiRhbnNpYmxlX3ByaXZpbGVnZV91dGlsX2NvZGUiCgogICAgIyBGVVRVUkU6IGZpbmQgYSBiZXR0ZXIgd2F5IHRvIGdldCB0aGUgX2Fuc2libGVfcmVtb3RlX3RtcCB2YXJpYWJsZQogICAgIyB0aGlzIGlzIHVzZWQgdG8gZm9yY2UgY3NjIHRvIGNvbXBpbGUgdGhlIEMjIGNvZGUgaW4gdGhlIHJlbW90ZSB0bXAKICAgICMgc3BlY2lmaWVkCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwbGF0Zm9ybV91dGlsCiAgICAkZW52OlRNUCA9ICRvcmlnaW5hbF90bXAKfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQcml2aWxlZ2UgewogICAgPCMKICAgIC5TWU5PUFNJUwogICAgR2V0IHRoZSBzdGF0dXMgb2YgYSBwcml2aWxlZ2UgZm9yIHRoZSBjdXJyZW50IHByb2Nlc3MuIFRoaXMgcmV0dXJucwogICAgICAgICR0cnVlIC0gdGhlIHByaXZpbGVnZSBpcyBlbmFibGVkCiAgICAgICAgJGZhbHNlIC0gdGhlIHByaXZpbGVnZSBpcyBkaXNhYmxlZAogICAgICAgICRudWxsIC0gdGhlIHByaXZpbGVnZSBpcyByZW1vdmVkIGZyb20gdGhlIHRva2VuCgogICAgSWYgTmFtZSBpcyBub3QgYSB2YWxpZCBwcml2aWxlZ2UgbmFtZSwgdGhpcyB3aWxsIHRocm93IGFuCiAgICBBcmd1bWVudEV4Y2VwdGlvbi4KCiAgICAuRVhBTVBMRQogICAgR2V0LUFuc2l ScriptBlock ID: 842566a3-4f9c-4492-a79d-28da112d0d80 Path:	4104	1		3	2	15	0	420	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2108	3524	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:04 PM	ca610e00-1c3c-0004-ca10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 6): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.PrivilegeUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTggQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiMgc3RvcmUgaW4gc2VwYXJhdGUgdmFyaWFibGVzIHRvIG1ha2UgaXQgZWFzaWVyIGZvciBvdGhlciBtb2R1bGVfdXRpbHMgdG8KIyBzaGFyZSB0aGlzIGNvZGUgaW4gdGhlaXIgb3duIGMjIGNvZGUKJGFuc2libGVfcHJpdmlsZWdlX3V0aWxfbmFtZXNwYWNlcyA9IEAoCiAgICAiTWljcm9zb2Z0LldpbjMyLlNhZmVIYW5kbGVzIiwKICAgICJTeXN0ZW0iLAogICAgIlN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljIiwKICAgICJTeXN0ZW0uTGlucSIsCiAgICAiU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzIiwKICAgICJTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsIiwKICAgICJTeXN0ZW0uVGV4dCIKKQoKJGFuc2libGVfcHJpdmlsZWdlX3V0aWxfY29kZSA9IEAnCm5hbWVzcGFjZSBBbnNpYmxlLlByaXZpbGVnZVV0aWwKewogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gUHJpdmlsZWdlQXR0cmlidXRlcyA6IHVpbnQKICAgIHsKICAgICAgICBEaXNhYmxlZCA9IDB4MDAwMDAwMDAsCiAgICAgICAgRW5hYmxlZEJ5RGVmYXVsdCA9IDB4MDAwMDAwMDEsCiAgICAgICAgRW5hYmxlZCA9IDB4MDAwMDAwMDIsCiAgICAgICAgUmVtb3ZlZCA9IDB4MDAwMDAwMDQsCiAgICAgICAgVXNlZEZvckFjY2VzcyA9IDB4ODAwMDAwMDAsCiAgICB9CgogICAgaW50ZXJuYWwgY2xhc3MgTmF0aXZlSGVscGVycwogICAgewogICAgICAgIFtTdHJ1Y3RMYXlvdXQoTGF5b3V0S2luZC5TZXF1ZW50aWFsKV0KICAgICAgICBpbnRlcm5hbCBzdHJ1Y3QgTFVJRAogICAgICAgIHsKICAgICAgICAgICAgcHVibGljIFVJbnQzMiBMb3dQYXJ0OwogICAgICAgICAgICBwdWJsaWMgSW50MzIgSGlnaFBhcnQ7CiAgICAgICAgfQoKICAgICAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCldCiAgICAgICAgaW50ZXJuYWwgc3RydWN0IExVSURfQU5EX0FUVFJJQlVURVMKICAgICAgICB7CiAgICAgICAgICAgIHB1YmxpYyBMVUlEIEx1aWQ7CiAgICAgICAgICAgIHB1YmxpYyBQcml2aWxlZ2VBdHRyaWJ1dGVzIEF0dHJpYnV0ZXM7CiAgICAgICAgfQoKICAgICAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCldCiAgICAgICAgaW50ZXJuYWwgc3RydWN0IFRPS0VOX1BSSVZJTEVHRVMKICAgICAgICB7CiAgICAgICAgICAgIHB1YmxpYyBVSW50MzIgUHJpdmlsZWdlQ291bnQ7CiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5CeVZhbEFycmF5LCBTaXplQ29uc3QgPSAxKV0KICAgICAgICAgICAgcHVibGljIExVSURfQU5EX0FUVFJJQlVURVNbXSBQcml2aWxlZ2VzOwogICAgICAgIH0KICAgIH0KCiAgICBpbnRlcm5hbCBjbGFzcyBOYXRpdmVNZXRob2RzCiAgICB7CiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIEFkanVzdFRva2VuUHJpdmlsZWdlcygKICAgICAgICAgICAgSW50UHRyIFRva2VuSGFuZGxlLAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuQm9vbCldIGJvb2wgRGlzYWJsZUFsbFByaXZpbGVnZXMsCiAgICAgICAgICAgIEludFB0ciBOZXdTdGF0ZSwKICAgICAgICAgICAgVUludDMyIEJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgSW50UHRyIFByZXZpb3VzU3RhdGUsCiAgICAgICAgICAgIG91dCBVSW50MzIgUmV0dXJuTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIENsb3NlSGFuZGxlKAogICAgICAgICAgICBJbnRQdHIgaE9iamVjdCk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyIildCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBTYWZlV2FpdEhhbmRsZSBHZXRDdXJyZW50UHJvY2VzcygpOwoKICAgICAgICBbRGxsSW1wb3J0KCJhZHZhcGkzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBpbnRlcm5hbCBzdGF0aWMgZXh0ZXJuIGJvb2wgR2V0VG9rZW5JbmZvcm1hdGlvbigKICAgICAgICAgICAgSW50UHRyIFRva2VuSGFuZGxlLAogICAgICAgICAgICBVSW50MzIgVG9rZW5JbmZvcm1hdGlvbkNsYXNzLAogICAgICAgICAgICBJbnRQdHIgVG9rZW5JbmZvcm1hdGlvbiwKICAgICAgICAgICAgVUludDMyIFRva2VuSW5mb3JtYXRpb25MZW5ndGgsCiAgICAgICAgICAgIG91dCBVSW50MzIgUmV0dXJuTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZU5hbWUoCiAgICAgICAgICAgIHN0cmluZyBscFN5c3RlbU5hbWUsCiAgICAgICAgICAgIHJlZiBOYXRpdmVIZWxwZXJzLkxVSUQgbHBMdWlkLAogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGxwTmFtZSwKICAgICAgICAgICAgcmVmIFVJbnQzMiBjY2hOYW1lKTsKCiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZVZhbHVlKAogICAgICAgICAgICBzdHJpbmcgbHBTeXN0ZW1OYW1lLAogICAgICAgICAgICBzdHJpbmcgbHBOYW1lLAogICAgICAgICAgICBvdXQgTmF0aXZlSGVscGVycy5MVUlEIGxwTHVpZCk7CgogICAgICAgIFtEbGxJbXBvcnQoImFkdmFwaTMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIGludGVybmFsIHN0YXRpYyBleHRlcm4gYm9vbCBPcGVuUHJvY2Vzc1Rva2VuKAogICAgICAgICAgICBTYWZlSGFuZGxlIFByb2Nlc3NIYW5kbGUsCiAgICAgICAgICAgIFRva2VuQWNjZXNzTGV2ZWxzIERlc2lyZWRBY2Nlc3MsCiAgICAgICAgICAgIG91dCBJbnRQdHIgVG9rZW5IYW5kbGUpOwogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBXaW4zMkV4Y2VwdGlvbiA6IFN5c3RlbS5Db21wb25lbnRNb2RlbC5XaW4zMkV4Y2VwdGlvbgogICAgewogICAgICAgIHByaXZhdGUgc3RyaW5nIF9tc2c7CiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KICAgICAgICBwdWJsaWMgV2luMzJFeGNlcHRpb24oaW50IGVycm9yQ29kZSwgc3RyaW5nIG1lc3NhZ2UpIDogYmFzZShlcnJvckNvZGUpCiAgICAgICAgewogICAgICAgICAgICBfbXNnID0gU3RyaW5nLkZvcm1hdCgiezB9ICh7MX0sIFdpbjMyRXJyb3JDb2RlIHsyfSkiLCBtZXNzYWdlLCBiYXNlLk1lc3NhZ2UsIGVycm9yQ29kZSk7CiAgICAgICAgfQogICAgICAgIHB1YmxpYyBvdmVycmlkZSBzdHJpbmcgTWVzc2FnZSB7IGdldCB7IHJldHVybiBfbXNnOyB9IH0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4cGxpY2l0IG9wZXJhdG9yIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSB7IHJldHVybiBuZXcgV2luMzJFeGNlcHRpb24obWVzc2FnZSk7IH0KICAgIH0KCiAgICBwdWJsaWMgY2xhc3MgUHJpdmlsZWdlcwogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIHJlYWRvbmx5IFVJbnQzMiBUT0tFTl9QUklWSUxFR0VTID0gMzsKCgogICAgICAgIHB1YmxpYyBzdGF0aWMgYm9vbCBDaGVja1ByaXZpbGVnZU5hbWUoc3RyaW5nIG5hbWUpCiAgICAgICAgewogICAgICAgICAgICBOYXRpdmVIZWxwZXJzLkxVSUQgbHVpZDsKICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkxvb2t1cFByaXZpbGVnZVZhbHVlKG51bGwsIG5hbWUsIG91dCBsdWlkKSkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CiAgICAgICAgICAgICAgICBpZiAoZXJyQ29kZSAhPSAxMzEzKSAgLy8gRVJST1JfTk9fU1VDSF9QUklWSUxFR0UKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oZXJyQ29kZSwgU3RyaW5nLkZvcm1hdCgiTG9va3VwUHJpdmlsZWdlVmFsdWUoezB9KSBmYWlsZWQiLCBuYW1lKSk7CiAgICAgICAgICAgICAgICByZXR1cm4gZmFsc2U7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgZWxzZQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICByZXR1cm4gdHJ1ZTsKICAgICAgICAgICAgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IERpc2FibGVQcml2aWxlZ2UoU2FmZUhhbmRsZSB0b2tlbiwgc3RyaW5nIHByaXZpbGVnZSkKICAgICAgICB7CiAgICAgICAgICAgIHJldHVybiBTZXRUb2tlblByaXZpbGVnZXModG9rZW4sIG5ldyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+KCkgeyB7IHByaXZpbGVnZSwgZmFsc2UgfSB9KTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PiBEaXNhYmxlQWxsUHJpdmlsZWdlcyhTYWZlSGFuZGxlIHRva2VuKQogICAgICAgIHsKICAgICAgICAgICAgcmV0dXJuIEFkanVzdFRva2VuUHJpdmlsZWdlcyh0b2tlbiwgbnVsbCk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIERpY3Rpb25hcnk8c3RyaW5nLCBib29sPz4gRW5hYmxlUHJpdmlsZWdlKFNhZmVIYW5kbGUgdG9rZW4sIHN0cmluZyBwcml2aWxlZ2UpCiAgICAgICAgewogICAgICAgICAgICByZXR1cm4gU2V0VG9rZW5Qcml2aWxlZ2VzKHRva2VuLCBuZXcgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PigpIHsgeyBwcml2aWxlZ2UsIHRydWUgfSB9KTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+IEdldEFsbFByaXZpbGVnZUluZm8oU2FmZUhhbmRsZSB0b2tlbikKICAgICAgICB7CiAgICAgICAgICAgIEludFB0ciBoVG9rZW4gPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLk9wZW5Qcm9jZXNzVG9rZW4odG9rZW4sIFRva2VuQWNjZXNzTGV2ZWxzLlF1ZXJ5LCBvdXQgaFRva2VuKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiT3BlblByb2Nlc3NUb2tlbigpIGZhaWxlZCIpOwoKICAgICAgICAgICAgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+IGluZm8gPSBuZXcgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+KCk7CiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBVSW50MzIgdG9rZW5MZW5ndGggPSAwOwogICAgICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5HZXRUb2tlbkluZm9ybWF0aW9uKGhUb2tlbiwgVE9LRU5fUFJJVklMRUdFUywgSW50UHRyLlplcm8sIDAsIG91dCB0b2tlbkxlbmd0aCk7CgogICAgICAgICAgICAgICAgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gcHJpdmlsZWdlczsKICAgICAgICAgICAgICAgIEludFB0ciBwcml2aWxlZ2VzUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoKGludCl0b2tlbkxlbmd0aCk7CiAgICAgICAgICAgICAgICB0cnkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuR2V0VG9rZW5JbmZvcm1hdGlvbihoVG9rZW4sIFRPS0VOX1BSSVZJTEVHRVMsIHByaXZpbGVnZXNQdHIsIHRva2VuTGVuZ3RoLCBvdXQgdG9rZW5MZW5ndGgpKQogICAgICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkdldFRva2VuSW5mb3JtYXRpb24oKSBmb3IgVE9LRU5fUFJJVklMRUdFUyBmYWlsZWQiKTsKCiAgICAgICAgICAgICAgICAgICAgTmF0aXZlSGVscGVycy5UT0tFTl9QUklWSUxFR0VTIHByaXZpbGVnZUluZm8gPSAoTmF0aXZlSGVscGVycy5UT0tFTl9QUklWSUxFR0VTKU1hcnNoYWwuUHRyVG9TdHJ1Y3R1cmUocHJpdmlsZWdlc1B0ciwgdHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgICAgIHByaXZpbGVnZXMgPSBuZXcgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW3ByaXZpbGVnZUluZm8uUHJpdmlsZWdlQ291bnRdOwogICAgICAgICAgICAgICAgICAgIFB0clRvU3RydWN0dXJlQXJyYXkocHJpdmlsZWdlcywgSW50UHRyLkFkZChwcml2aWxlZ2VzUHRyLCBNYXJzaGFsLlNpemVPZihwcml2aWxlZ2VJbmZvLlByaXZpbGVnZUNvdW50KSkpOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgZmluYWxseQogICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwocHJpdmlsZWdlc1B0cik7CiAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgaW5mbyA9IHByaXZpbGVnZXMuVG9EaWN0aW9uYXJ5KHAgPT4gR2V0UHJpdmlsZWdlTmFtZShwLkx1aWQpLCBwID0+IHAuQXR0cmlidXRlcyk7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgZmluYWxseQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBOYXRpdmVNZXRob2RzLkNsb3NlSGFuZGxlKGhUb2tlbik7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgcmV0dXJuIGluZm87CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIFNhZmVXYWl0SGFuZGxlIEdldEN1cnJlbnRQcm9jZXNzKCkKICAgICAgICB7CiAgICAgICAgICAgIHJldHVybiBOYXRpdmVNZXRob2RzLkdldEN1cnJlbnRQcm9jZXNzKCk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgUmVtb3ZlUHJpdmlsZWdlKFNhZmVIYW5kbGUgdG9rZW4sIHN0cmluZyBwcml2aWxlZ2UpCiAgICAgICAgewogICAgICAgICAgICBTZXRUb2tlblByaXZpbGVnZXModG9rZW4sIG5ldyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+KCkgeyB7IHByaXZpbGVnZSwgbnVsbCB9IH0pOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IFNldFRva2VuUHJpdmlsZWdlcyhTYWZlSGFuZGxlIHRva2VuLCBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IHN0YXRlKQogICAgICAgIHsKICAgICAgICAgICAgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gcHJpdmlsZWdlQXR0ciA9IG5ldyBOYXRpdmVIZWxwZXJzLkxVSURfQU5EX0FUVFJJQlVURVNbc3RhdGUuQ291bnRdOwogICAgICAgICAgICBpbnQgaSA9IDA7CgogICAgICAg ScriptBlock ID: 842566a3-4f9c-4492-a79d-28da112d0d80 Path:	4104	1		3	2	15	0	419	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2108	3524	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:04 PM	ca610e00-1c3c-0004-ca10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	418	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2108	2160	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:04 PM	ca610e00-1c3c-0004-c810-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2108 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	417	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2108	2184	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:04 PM	ca610e00-1c3c-0004-c810-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	416	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2108	2160	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:04 PM	ca610e00-1c3c-0004-c810-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	415	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3428	3764	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:03 PM	ca610e00-1c3c-0000-ec10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3428 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	414	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3428	1348	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:03 PM	ca610e00-1c3c-0000-ec10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	413	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3428	3764	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:03 PM	ca610e00-1c3c-0000-ec10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	412	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3132	1460	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:03 PM	ca610e00-1c3c-0004-c510-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3132 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	411	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3132	1260	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:03 PM	ca610e00-1c3c-0004-c510-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	410	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3132	1460	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:03 PM	ca610e00-1c3c-0004-c510-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	409	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2484	168	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:02 PM	ca610e00-1c3c-0003-3610-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2484 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	408	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2484	3428	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:02 PM	ca610e00-1c3c-0003-3610-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	407	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2484	168	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:02 PM	ca610e00-1c3c-0003-3610-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	406	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1296	1304	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:02 PM	ca610e00-1c3c-0004-be10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1296 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	405	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1296	820	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:02 PM	ca610e00-1c3c-0004-be10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	404	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1296	1304	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:02 PM	ca610e00-1c3c-0004-be10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2015, Jon Hawkesworth (@jhawkesworth) <figs@unity.demon.co.uk> # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = 'Stop' $params = Parse-Args -arguments $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false $diff_mode = Get-AnsibleParam -obj $params -name "_ansible_diff" -type "bool" -default $false # there are 4 modes to win_copy which are driven by the action plugins: # explode: src is a zip file which needs to be extracted to dest, for use with multiple files # query: win_copy action plugin wants to get the state of remote files to check whether it needs to send them # remote: all copy action is happening remotely (remote_src=True) # single: a single file has been copied, also used with template $copy_mode = Get-AnsibleParam -obj $params -name "_copy_mode" -type "str" -default "single" -validateset "explode","query","remote","single" # used in explode, remote and single mode $src = Get-AnsibleParam -obj $params -name "src" -type "path" -failifempty ($copy_mode -in @("explode","process","single")) $dest = Get-AnsibleParam -obj $params -name "dest" -type "path" -failifempty $true # used in single mode $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" # used in query and remote mode $force = Get-AnsibleParam -obj $params -name "force" -type "bool" -default $true # used in query mode, contains the local files/directories/symlinks that are to be copied $files = Get-AnsibleParam -obj $params -name "files" -type "list" $directories = Get-AnsibleParam -obj $params -name "directories" -type "list" $symlinks = Get-AnsibleParam -obj $params -name "symlinks" -type "list" $result = @{ changed = $false } if ($diff_mode) { $result.diff = @{} } Function Copy-File($source, $dest) { $diff = "" $copy_file = $false $source_checksum = $null if ($force) { $source_checksum = Get-FileChecksum -path $source } if (Test-Path -Path $dest -PathType Container) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': dest is already a folder" } elseif (Test-Path -Path $dest -PathType Leaf) { if ($force) { $target_checksum = Get-FileChecksum -path $dest if ($source_checksum -ne $target_checksum) { $copy_file = $true } } } else { $copy_file = $true } if ($copy_file) { $file_dir = [System.IO.Path]::GetDirectoryName($dest) # validate the parent dir is not a file and that it exists if (Test-Path -Path $file_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } elseif (-not (Test-Path -Path $file_dir)) { # directory doesn't exist, need to create New-Item -Path $file_dir -ItemType Directory -WhatIf:$check_mode | Out-Null $diff += "+$file_dir\`n" } if (Test-Path -Path $dest -PathType Leaf) { Remove-Item -Path $dest -Force -Recurse -WhatIf:$check_mode | Out-Null $diff += "-$dest`n" } if (-not $check_mode) { # cannot run with -WhatIf:$check_mode as if the parent dir didn't # exist and was created above would still not exist in check mode Copy-Item -Path $source -Destination $dest -Force | Out-Null } $diff += "+$dest`n" $result.changed = $true } # ugly but to save us from running the checksum twice, let's return it for # the main code to add it to $result return ,@{ diff = $diff; checksum = $source_checksum } } Function Copy-Folder($source, $dest) { $diff = "" $copy_folder = $false if (-not (Test-Path -Path $dest -PathType Container)) { $parent_dir = [System.IO.Path]::GetDirectoryName($dest) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } if (Test-Path -Path $dest -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder from '$source' to '$dest': dest is already a file" } New-Item -Path $dest -ItemType Container -WhatIf:$check_mode | Out-Null $diff += "+$dest\`n" $result.changed = $true } $child_items = Get-ChildItem -Path $source -Force foreach ($child_item in $child_items) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_item.Name if ($child_item.PSIsContainer) { $diff += (Copy-Folder -source $child_item.Fullname -dest $dest_child_path) } else { $diff += (Copy-File -source $child_item.Fullname -dest $dest_child_path).diff } } return $diff } Function Get-FileSize($path) { $file = Get-Item -Path $path -Force $size = $null if ($file.PSIsContainer) { $dir_files_sum = Get-ChildItem $file.FullName -Recurse if ($dir_files_sum -eq $null -or ($dir_files_sum.PSObject.Properties.name -contains 'length' -eq $false)) { $size = 0 } else { $size = ($dir_files_sum | Measure-Object -property length -sum).Sum } } else { $size = $file.Length } $size } Function Extract-Zip($src, $dest) { $archive = [System.IO.Compression.ZipFile]::Open($src, [System.IO.Compression.ZipArchiveMode]::Read, [System.Text.Encoding]::UTF8) foreach ($entry in $archive.Entries) { $archive_name = $entry.FullName # FullName may be appended with / or \, determine if it is padded and remove it $padding_length = $archive_name.Length % 4 if ($padding_length -eq 0) { $is_dir = $false $base64_name = $archive_name } elseif ($padding_length -eq 1) { $is_dir = $true if ($archive_name.EndsWith("/") -or $archive_name.EndsWith("`\")) { $base64_name = $archive_name.Substring(0, $archive_name.Length - 1) } else { throw "invalid base64 archive name '$archive_name'" } } else { throw "invalid base64 length '$archive_name'" } # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_name = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($base64_name)) # re-add the / to the entry full name if it was a directory if ($is_dir) { $decoded_archive_name = "$decoded_archive_name/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_name) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false) { if (-not $check_mode) { [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry, $entry_target_path, $true) } } } $archive.Dispose() # release the handle of the zip file } Function Extract-ZipLegacy($src, $dest) { if (-not (Test-Path -Path $dest)) { New-Item -Path $dest -ItemType Directory -WhatIf:$check_mode | Out-Null } $shell = New-Object -ComObject Shell.Application $zip = $shell.NameSpace($src) $dest_path = $shell.NameSpace($dest) foreach ($entry in $zip.Items()) { $is_dir = $entry.IsFolder $encoded_archive_entry = $entry.Name # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_entry = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($encoded_archive_entry)) if ($is_dir) { $decoded_archive_entry = "$decoded_archive_entry/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_entry) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false -and (-not $check_mode)) { # https://msdn.microsoft.com/en-us/library/windows/desktop/bb787866.aspx # From Folder.CopyHere documentation, 1044 means: # - 1024: do not display a user interface if an error occurs # - 16: respond with "yes to all" for any dialog box that is displayed # - 4: do not display a progress dialog box $dest_path.CopyHere($entry, 1044) # once file is extraced, we need to rename it with non base64 name $combined_encoded_path = [System.IO.Path]::Combine($dest, $encoded_archive_entry) Move-Item -Path $combined_encoded_path -Destination $entry_target_path -Force | Out-Null } } } if ($copy_mode -eq "query") { # we only return a list of files/directories that need to be copied over # the source of the local file will be the key used $changed_files = @() $changed_directories = @() $changed_symlinks = @() foreach ($file in $files) { $filename = $file.dest $local_checksum = $file.checksum $filepath = Join-Path -Path $dest -ChildPath $filename if (Test-Path -Path $filepath -PathType Leaf) { if ($force) { $checksum = Get-FileChecksum -path $filepath if ($checksum -ne $local_checksum) { $will_change = $true $changed_files += $file } } } elseif (Test-Path -Path $filepath -PathType Container) { Fail-Json -obj $result -message "cannot copy file to dest '$filepath': object at path is already a directory" } else { $changed_files += $file } } foreach ($directory in $directories) { $dirname = $directory.dest $dirpath = Join-Path -Path $dest -ChildPath $dirname $parent_dir = [System.IO.Path]::GetDirectoryName($dirpath) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at parent directory path is already a file" } if (Test-Path -Path $dirpath -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at path is already a file" } elseif (-not (Test-Path -Path $dirpath -PathType Container)) { $changed_directories += $directory } } # TODO: Handle symlinks $result.files = $changed_files $result.directories = $changed_directories $result.symlinks = $changed_symlinks } elseif ($copy_mode -eq "explode") { # a single zip file containing the files and directories needs to be # expanded this will always result in a change as the calculation is done # on the win_copy action plugin and is only run if a change needs to occur if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot expand src zip file: '$src' as it does not exist" } # Detect if the PS zip assemblies are available or whether to use Shell $use_legacy = $false try { Add-Type -AssemblyName System.IO.Compression.FileSystem | Out-Null Add-Type -AssemblyName System.IO.Compression | Out-Null } catch { $use_legacy = $true } if ($use_legacy) { Extract-ZipLegacy -src $src -dest $dest } else { Extract-Zip -src $src -dest $dest } $result.changed = $true } elseif ($copy_mode -eq "remote") { # all copy actions are happening on the remote side (windows host), need # too copy source and dest using PS code $result.src = $src $result.dest = $dest if (-not (Test-Path -Path $src)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } if (Test-Path -Path $src -PathType Container) { # we are copying a directory or the contents of a directory $result.operation = 'folder_copy' if ($src.EndsWith("/") -or $src.EndsWith("`\")) { # copying the folder's contents to dest $diff = "" $child_files = Get-ChildItem -Path $src -Force foreach ($child_file in $child_files) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_file.Name if ($child_file.PSIsContainer) { $diff += Copy-Folder -source $child_file.FullName -dest $dest_child_path } else { $diff += (Copy-File -source $child_file.FullName -dest $dest_child_path).diff } } } else { # copying the folder and it's contents to dest $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest $diff = Copy-Folder -source $src -dest $dest } } else { # we are just copying a single file to dest $result.operation = 'file_copy' $source_basename = (Get-Item -Path $src -Force).Name $result.original_basename = $source_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\")) { $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest } else { # check if the parent dir exists, this is only done if src is a # file and dest if the path to a file (doesn't end with \ or /) $parent_dir = Split-Path -Path $dest if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } $copy_result = Copy-File -source $src -dest $dest $diff = $copy_result.diff $result.checksum = $copy_result.checksum } # the file might not exist if running in check mode if (-not $check_mode -or (Test-Path -Path $dest -PathType Leaf)) { $result.size = Get-FileSize -path $dest } else { $result.size = $null } if ($diff_mode) { $result.diff.prepared = $diff } } elseif ($copy_mode -eq "single") { # a single file is located in src and we need to copy to dest, this will # always result in a change as the calculation is done on the Ansible side # before this is run. This should also never run in check mode if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } # the dest parameter is a directory, we need to append original_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\") -or (Test-Path -Path $dest -PathType Container)) { $remote_dest = Join-Path -Path $dest -ChildPath $original_basename $parent_dir = Split-Path -Path $remote_dest # when dest ends with /, we need to create the destination directories if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { New-Item -Path $parent_dir -ItemType Directory | Out-Null } } else { $remote_dest = $dest $parent_dir = Split-Path -Path $remote_dest # check if the dest parent dirs exist, need to fail if they don't if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } Copy-Item -Path $src -Destination $remote_dest -Force | Out-Null $result.changed = $true } Exit-Json -obj $result ScriptBlock ID: 0e4e6e14-713d-4418-92a0-07f644edbc67 Path:	4104	1		3	2	15	0	403	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3980	2964	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:02 PM	ca610e00-1c3c-0001-3211-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: db7708db-1519-4f62-abe8-cd44569b8d7f Path:	4104	1		3	2	15	0	402	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3980	2500	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:02 PM	ca610e00-1c3c-0001-2f11-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 109d6a42-0493-40a3-bb79-623a9ce317e7 Path:	4104	1		3	2	15	0	401	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3980	2500	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:01 PM	ca610e00-1c3c-0001-2411-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): CAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkZW50cnlfZGlyKSkgewogICAgICAgICAgICBOZXctSXRlbSAtUGF0aCAkZW50cnlfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfQoKICAgICAgICBpZiAoJGlzX2RpciAtZXEgJGZhbHNlIC1hbmQgKC1ub3QgJGNoZWNrX21vZGUpKSB7CiAgICAgICAgICAgICMgaHR0cHM6Ly9tc2RuLm1pY3Jvc29mdC5jb20vZW4tdXMvbGlicmFyeS93aW5kb3dzL2Rlc2t0b3AvYmI3ODc4NjYuYXNweAogICAgICAgICAgICAjIEZyb20gRm9sZGVyLkNvcHlIZXJlIGRvY3VtZW50YXRpb24sIDEwNDQgbWVhbnM6CiAgICAgICAgICAgICMgIC0gMTAyNDogZG8gbm90IGRpc3BsYXkgYSB1c2VyIGludGVyZmFjZSBpZiBhbiBlcnJvciBvY2N1cnMKICAgICAgICAgICAgIyAgLSAgIDE2OiByZXNwb25kIHdpdGggInllcyB0byBhbGwiIGZvciBhbnkgZGlhbG9nIGJveCB0aGF0IGlzIGRpc3BsYXllZAogICAgICAgICAgICAjICAtICAgIDQ6IGRvIG5vdCBkaXNwbGF5IGEgcHJvZ3Jlc3MgZGlhbG9nIGJveAogICAgICAgICAgICAkZGVzdF9wYXRoLkNvcHlIZXJlKCRlbnRyeSwgMTA0NCkKCiAgICAgICAgICAgICMgb25jZSBmaWxlIGlzIGV4dHJhY2VkLCB3ZSBuZWVkIHRvIHJlbmFtZSBpdCB3aXRoIG5vbiBiYXNlNjQgbmFtZQogICAgICAgICAgICAkY29tYmluZWRfZW5jb2RlZF9wYXRoID0gW1N5c3RlbS5JTy5QYXRoXTo6Q29tYmluZSgkZGVzdCwgJGVuY29kZWRfYXJjaGl2ZV9lbnRyeSkKICAgICAgICAgICAgTW92ZS1JdGVtIC1QYXRoICRjb21iaW5lZF9lbmNvZGVkX3BhdGggLURlc3RpbmF0aW9uICRlbnRyeV90YXJnZXRfcGF0aCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0KfQoKaWYgKCRjb3B5X21vZGUgLWVxICJxdWVyeSIpIHsKICAgICMgd2Ugb25seSByZXR1cm4gYSBsaXN0IG9mIGZpbGVzL2RpcmVjdG9yaWVzIHRoYXQgbmVlZCB0byBiZSBjb3BpZWQgb3ZlcgogICAgIyB0aGUgc291cmNlIG9mIHRoZSBsb2NhbCBmaWxlIHdpbGwgYmUgdGhlIGtleSB1c2VkCiAgICAkY2hhbmdlZF9maWxlcyA9IEAoKQogICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgPSBAKCkKICAgICRjaGFuZ2VkX3N5bWxpbmtzID0gQCgpCgogICAgZm9yZWFjaCAoJGZpbGUgaW4gJGZpbGVzKSB7CiAgICAgICAgJGZpbGVuYW1lID0gJGZpbGUuZGVzdAogICAgICAgICRsb2NhbF9jaGVja3N1bSA9ICRmaWxlLmNoZWNrc3VtCgogICAgICAgICRmaWxlcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoICRmaWxlbmFtZQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGZpbGVwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAgICAgICAgICRjaGVja3N1bSA9IEdldC1GaWxlQ2hlY2tzdW0gLXBhdGggJGZpbGVwYXRoCiAgICAgICAgICAgICAgICBpZiAoJGNoZWNrc3VtIC1uZSAkbG9jYWxfY2hlY2tzdW0pIHsKICAgICAgICAgICAgICAgICAgICAkd2lsbF9jaGFuZ2UgPSAkdHJ1ZQogICAgICAgICAgICAgICAgICAgICRjaGFuZ2VkX2ZpbGVzICs9ICRmaWxlCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRmaWxlcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZpbGUgdG8gZGVzdCAnJGZpbGVwYXRoJzogb2JqZWN0IGF0IHBhdGggaXMgYWxyZWFkeSBhIGRpcmVjdG9yeSIKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkY2hhbmdlZF9maWxlcyArPSAkZmlsZQogICAgICAgIH0KICAgIH0KCiAgICBmb3JlYWNoICgkZGlyZWN0b3J5IGluICRkaXJlY3RvcmllcykgewogICAgICAgICRkaXJuYW1lID0gJGRpcmVjdG9yeS5kZXN0CgogICAgICAgICRkaXJwYXRoID0gSm9pbi1QYXRoIC1QYXRoICRkZXN0IC1DaGlsZFBhdGggJGRpcm5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGRpcnBhdGgpCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgdG8gZGVzdCAnJGRpcnBhdGgnOiBvYmplY3QgYXQgcGFyZW50IGRpcmVjdG9yeSBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0KICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRkaXJwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZvbGRlciB0byBkZXN0ICckZGlycGF0aCc6IG9iamVjdCBhdCBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0gZWxzZWlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGRpcnBhdGggLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAgICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgKz0gJGRpcmVjdG9yeQogICAgICAgIH0KICAgIH0KCiAgICAjIFRPRE86IEhhbmRsZSBzeW1saW5rcwoKICAgICRyZXN1bHQuZmlsZXMgPSAkY2hhbmdlZF9maWxlcwogICAgJHJlc3VsdC5kaXJlY3RvcmllcyA9ICRjaGFuZ2VkX2RpcmVjdG9yaWVzCiAgICAkcmVzdWx0LnN5bWxpbmtzID0gJGNoYW5nZWRfc3ltbGlua3MKfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJleHBsb2RlIikgewogICAgIyBhIHNpbmdsZSB6aXAgZmlsZSBjb250YWluaW5nIHRoZSBmaWxlcyBhbmQgZGlyZWN0b3JpZXMgbmVlZHMgdG8gYmUKICAgICMgZXhwYW5kZWQgdGhpcyB3aWxsIGFsd2F5cyByZXN1bHQgaW4gYSBjaGFuZ2UgYXMgdGhlIGNhbGN1bGF0aW9uIGlzIGRvbmUKICAgICMgb24gdGhlIHdpbl9jb3B5IGFjdGlvbiBwbHVnaW4gYW5kIGlzIG9ubHkgcnVuIGlmIGEgY2hhbmdlIG5lZWRzIHRvIG9jY3VyCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRzcmMgLVBhdGhUeXBlIExlYWYpKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiQ2Fubm90IGV4cGFuZCBzcmMgemlwIGZpbGU6ICckc3JjJyBhcyBpdCBkb2VzIG5vdCBleGlzdCIKICAgIH0KCiAgICAjIERldGVjdCBpZiB0aGUgUFMgemlwIGFzc2VtYmxpZXMgYXJlIGF2YWlsYWJsZSBvciB3aGV0aGVyIHRvIHVzZSBTaGVsbAogICAgJHVzZV9sZWdhY3kgPSAkZmFsc2UKICAgIHRyeSB7CiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24uRmlsZVN5c3RlbSB8IE91dC1OdWxsCiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24gfCBPdXQtTnVsbAogICAgfSBjYXRjaCB7CiAgICAgICAgJHVzZV9sZWdhY3kgPSAkdHJ1ZQogICAgfQogICAgaWYgKCR1c2VfbGVnYWN5KSB7CiAgICAgICAgRXh0cmFjdC1aaXBMZWdhY3kgLXNyYyAkc3JjIC1kZXN0ICRkZXN0CiAgICB9IGVsc2UgewogICAgICAgIEV4dHJhY3QtWmlwIC1zcmMgJHNyYyAtZGVzdCAkZGVzdAogICAgfQoKICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCn0gZWxzZWlmICgkY29weV9tb2RlIC1lcSAicmVtb3RlIikgewogICAgIyBhbGwgY29weSBhY3Rpb25zIGFyZSBoYXBwZW5pbmcgb24gdGhlIHJlbW90ZSBzaWRlICh3aW5kb3dzIGhvc3QpLCBuZWVkCiAgICAjIHRvbyBjb3B5IHNvdXJjZSBhbmQgZGVzdCB1c2luZyBQUyBjb2RlCiAgICAkcmVzdWx0LnNyYyA9ICRzcmMKICAgICRyZXN1bHQuZGVzdCA9ICRkZXN0CgogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBDb250YWluZXIpIHsKICAgICAgICAjIHdlIGFyZSBjb3B5aW5nIGEgZGlyZWN0b3J5IG9yIHRoZSBjb250ZW50cyBvZiBhIGRpcmVjdG9yeQogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZvbGRlcl9jb3B5JwogICAgICAgIGlmICgkc3JjLkVuZHNXaXRoKCIvIikgLW9yICRzcmMuRW5kc1dpdGgoImBcIikpIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIncyBjb250ZW50cyB0byBkZXN0CiAgICAgICAgICAgICRkaWZmID0gIiIKICAgICAgICAgICAgJGNoaWxkX2ZpbGVzID0gR2V0LUNoaWxkSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZQogICAgICAgICAgICBmb3JlYWNoICgkY2hpbGRfZmlsZSBpbiAkY2hpbGRfZmlsZXMpIHsKICAgICAgICAgICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfZmlsZS5OYW1lCiAgICAgICAgICAgICAgICBpZiAoJGNoaWxkX2ZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgICAgICRkaWZmICs9IENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aAogICAgICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIgYW5kIGl0J3MgY29udGVudHMgdG8gZGVzdAogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgICAgICAkZGlmZiA9IENvcHktRm9sZGVyIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgIyB3ZSBhcmUganVzdCBjb3B5aW5nIGEgc2luZ2xlIGZpbGUgdG8gZGVzdAogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZpbGVfY29weScKCiAgICAgICAgJHNvdXJjZV9iYXNlbmFtZSA9IChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICRyZXN1bHQub3JpZ2luYWxfYmFzZW5hbWUgPSAkc291cmNlX2Jhc2VuYW1lCgogICAgICAgIGlmICgkZGVzdC5FbmRzV2l0aCgiLyIpIC1vciAkZGVzdC5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICMgY2hlY2sgaWYgdGhlIHBhcmVudCBkaXIgZXhpc3RzLCB0aGlzIGlzIG9ubHkgZG9uZSBpZiBzcmMgaXMgYQogICAgICAgICAgICAjIGZpbGUgYW5kIGRlc3QgaWYgdGhlIHBhdGggdG8gYSBmaWxlIChkb2Vzbid0IGVuZCB3aXRoIFwgb3IgLykKICAgICAgICAgICAgJHBhcmVudF9kaXIgPSBTcGxpdC1QYXRoIC1QYXRoICRkZXN0CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRGVzdGluYXRpb24gZGlyZWN0b3J5ICckcGFyZW50X2RpcicgZG9lcyBub3QgZXhpc3QiCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgJGNvcHlfcmVzdWx0ID0gQ29weS1GaWxlIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgICRkaWZmID0gJGNvcHlfcmVzdWx0LmRpZmYKICAgICAgICAkcmVzdWx0LmNoZWNrc3VtID0gJGNvcHlfcmVzdWx0LmNoZWNrc3VtCiAgICB9CgogICAgIyB0aGUgZmlsZSBtaWdodCBub3QgZXhpc3QgaWYgcnVubmluZyBpbiBjaGVjayBtb2RlCiAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSAtb3IgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikpIHsKICAgICAgICAkcmVzdWx0LnNpemUgPSBHZXQtRmlsZVNpemUgLXBhdGggJGRlc3QKICAgIH0gZWxzZSB7CiAgICAgICAgJHJlc3VsdC5zaXplID0gJG51bGwKICAgIH0KICAgIGlmICgkZGlmZl9tb2RlKSB7CiAgICAgICAgJHJlc3VsdC5kaWZmLnByZXBhcmVkID0gJGRpZmYKICAgIH0KfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJzaW5nbGUiKSB7CiAgICAjIGEgc2luZ2xlIGZpbGUgaXMgbG9jYXRlZCBpbiBzcmMgYW5kIHdlIG5lZWQgdG8gY29weSB0byBkZXN0LCB0aGlzIHdpbGwKICAgICMgYWx3YXlzIHJlc3VsdCBpbiBhIGNoYW5nZSBhcyB0aGUgY2FsY3VsYXRpb24gaXMgZG9uZSBvbiB0aGUgQW5zaWJsZSBzaWRlCiAgICAjIGJlZm9yZSB0aGlzIGlzIHJ1bi4gVGhpcyBzaG91bGQgYWxzbyBuZXZlciBydW4gaW4gY2hlY2sgbW9kZQogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBMZWFmKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgIyB0aGUgZGVzdCBwYXJhbWV0ZXIgaXMgYSBkaXJlY3RvcnksIHdlIG5lZWQgdG8gYXBwZW5kIG9yaWdpbmFsX2Jhc2VuYW1lCiAgICBpZiAoJGRlc3QuRW5kc1dpdGgoIi8iKSAtb3IgJGRlc3QuRW5kc1dpdGgoImBcIikgLW9yIChUZXN0LVBhdGggLVBhdGggJGRlc3QgLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAkcmVtb3RlX2Rlc3QgPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkb3JpZ2luYWxfYmFzZW5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgd2hlbiBkZXN0IGVuZHMgd2l0aCAvLCB3ZSBuZWVkIHRvIGNyZWF0ZSB0aGUgZGVzdGluYXRpb24gZGlyZWN0b3JpZXMKICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXJlbnRfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHJlbW90ZV9kZXN0ID0gJGRlc3QKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgY2hlY2sgaWYgdGhlIGRlc3QgcGFyZW50IGRpcnMgZXhpc3QsIG5lZWQgdG8gZmFpbCBpZiB0aGV5IGRvbid0CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJvYmplY3QgYXQgZGVzdGluYXRpb24gcGFyZW50IGRpciAnJHBhcmVudF9kaXInIGlzIGN1cnJlbnRseSBhIGZpbGUiCiAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJEZXN0aW5hdGlvbiBkaXJlY3RvcnkgJyRwYXJlbnRfZGlyJyBkb2VzIG5vdCBleGlzdCIKICAgICAgICB9CiAgICB9CgogICAgQ29weS1JdGVtIC1QYXRoICRzcmMgLURlc3RpbmF0aW9uICRyZW1vdGVfZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKfQoKRXhpdC1Kc29uIC1vYmogJHJlc3VsdAo=", "module_args": {"_ansible_version": "2.7.0", "src": "C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1644250258.65-8236042004482\\source", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "dest": "C:\\eventlogcss.txt", "checksum": "d051fdb120afddc6f99086f6b8b905bce125cb45", "_ansible_module_name": "copy", "_ansible_debug": false, "_ansible_verbosity": 3, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_original_basename": "eventlogcss.txt", "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "mode": null, "_ansible_check_mode": false, "_ansible_shell_executable": "/bin/sh", "follow": false, "_ansible_tmpdir": "'C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1644250258.65-8236042004482'"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 91bc0509-830a-4e68-9a69-ea83cd2f0c82 Path:	4104	1		3	2	15	0	400	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3980	2500	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:01 PM	ca610e00-1c3c-0001-1e11-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): KPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTUsIEpvbiBIYXdrZXN3b3J0aCAoQGpoYXdrZXN3b3J0aCkgPGZpZ3NAdW5pdHkuZGVtb24uY28udWs+CiMgQ29weXJpZ2h0OiAoYykgMjAxNywgQW5zaWJsZSBQcm9qZWN0CiMgR05VIEdlbmVyYWwgUHVibGljIExpY2Vuc2UgdjMuMCsgKHNlZSBDT1BZSU5HIG9yIGh0dHBzOi8vd3d3LmdudS5vcmcvbGljZW5zZXMvZ3BsLTMuMC50eHQpCgojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxlZ2FjeQoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKJHBhcmFtcyA9IFBhcnNlLUFyZ3MgLWFyZ3VtZW50cyAkYXJncyAtc3VwcG9ydHNfY2hlY2tfbW9kZSAkdHJ1ZQokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtdHlwZSAiYm9vbCIgLWRlZmF1bHQgJGZhbHNlCiRkaWZmX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfZGlmZiIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQoKIyB0aGVyZSBhcmUgNCBtb2RlcyB0byB3aW5fY29weSB3aGljaCBhcmUgZHJpdmVuIGJ5IHRoZSBhY3Rpb24gcGx1Z2luczoKIyAgIGV4cGxvZGU6IHNyYyBpcyBhIHppcCBmaWxlIHdoaWNoIG5lZWRzIHRvIGJlIGV4dHJhY3RlZCB0byBkZXN0LCBmb3IgdXNlIHdpdGggbXVsdGlwbGUgZmlsZXMKIyAgIHF1ZXJ5OiB3aW5fY29weSBhY3Rpb24gcGx1Z2luIHdhbnRzIHRvIGdldCB0aGUgc3RhdGUgb2YgcmVtb3RlIGZpbGVzIHRvIGNoZWNrIHdoZXRoZXIgaXQgbmVlZHMgdG8gc2VuZCB0aGVtCiMgICByZW1vdGU6IGFsbCBjb3B5IGFjdGlvbiBpcyBoYXBwZW5pbmcgcmVtb3RlbHkgKHJlbW90ZV9zcmM9VHJ1ZSkKIyAgIHNpbmdsZTogYSBzaW5nbGUgZmlsZSBoYXMgYmVlbiBjb3BpZWQsIGFsc28gdXNlZCB3aXRoIHRlbXBsYXRlCiRjb3B5X21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2NvcHlfbW9kZSIgLXR5cGUgInN0ciIgLWRlZmF1bHQgInNpbmdsZSIgLXZhbGlkYXRlc2V0ICJleHBsb2RlIiwicXVlcnkiLCJyZW1vdGUiLCJzaW5nbGUiCgojIHVzZWQgaW4gZXhwbG9kZSwgcmVtb3RlIGFuZCBzaW5nbGUgbW9kZQokc3JjID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInNyYyIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAoJGNvcHlfbW9kZSAtaW4gQCgiZXhwbG9kZSIsInByb2Nlc3MiLCJzaW5nbGUiKSkKJGRlc3QgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGVzdCIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAkdHJ1ZQoKIyB1c2VkIGluIHNpbmdsZSBtb2RlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCgojIHVzZWQgaW4gcXVlcnkgYW5kIHJlbW90ZSBtb2RlCiRmb3JjZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJmb3JjZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCgojIHVzZWQgaW4gcXVlcnkgbW9kZSwgY29udGFpbnMgdGhlIGxvY2FsIGZpbGVzL2RpcmVjdG9yaWVzL3N5bWxpbmtzIHRoYXQgYXJlIHRvIGJlIGNvcGllZAokZmlsZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZmlsZXMiIC10eXBlICJsaXN0IgokZGlyZWN0b3JpZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGlyZWN0b3JpZXMiIC10eXBlICJsaXN0Igokc3ltbGlua3MgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3ltbGlua3MiIC10eXBlICJsaXN0IgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCn0KCmlmICgkZGlmZl9tb2RlKSB7CiAgICAkcmVzdWx0LmRpZmYgPSBAe30KfQoKRnVuY3Rpb24gQ29weS1GaWxlKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9maWxlID0gJGZhbHNlCiAgICAkc291cmNlX2NoZWNrc3VtID0gJG51bGwKICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAkc291cmNlX2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkc291cmNlCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBkZXN0IGlzIGFscmVhZHkgYSBmb2xkZXIiCiAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgaWYgKCRmb3JjZSkgewogICAgICAgICAgICAkdGFyZ2V0X2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkZGVzdAogICAgICAgICAgICBpZiAoJHNvdXJjZV9jaGVja3N1bSAtbmUgJHRhcmdldF9jaGVja3N1bSkgewogICAgICAgICAgICAgICAgJGNvcHlfZmlsZSA9ICR0cnVlCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9IGVsc2UgewogICAgICAgICRjb3B5X2ZpbGUgPSAkdHJ1ZQogICAgfQoKICAgIGlmICgkY29weV9maWxlKSB7CiAgICAgICAgJGZpbGVfZGlyID0gW1N5c3RlbS5JTy5QYXRoXTo6R2V0RGlyZWN0b3J5TmFtZSgkZGVzdCkKICAgICAgICAjIHZhbGlkYXRlIHRoZSBwYXJlbnQgZGlyIGlzIG5vdCBhIGZpbGUgYW5kIHRoYXQgaXQgZXhpc3RzCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZmlsZV9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRmaWxlX2RpcikpIHsKICAgICAgICAgICAgIyBkaXJlY3RvcnkgZG9lc24ndCBleGlzdCwgbmVlZCB0byBjcmVhdGUKICAgICAgICAgICAgTmV3LUl0ZW0gLVBhdGggJGZpbGVfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICIrJGZpbGVfZGlyXGBuIgogICAgICAgIH0KCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBSZW1vdmUtSXRlbSAtUGF0aCAkZGVzdCAtRm9yY2UgLVJlY3Vyc2UgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICItJGRlc3RgbiIKICAgICAgICB9CgogICAgICAgIGlmICgtbm90ICRjaGVja19tb2RlKSB7CiAgICAgICAgICAgICMgY2Fubm90IHJ1biB3aXRoIC1XaGF0SWY6JGNoZWNrX21vZGUgYXMgaWYgdGhlIHBhcmVudCBkaXIgZGlkbid0CiAgICAgICAgICAgICMgZXhpc3QgYW5kIHdhcyBjcmVhdGVkIGFib3ZlIHdvdWxkIHN0aWxsIG5vdCBleGlzdCBpbiBjaGVjayBtb2RlCiAgICAgICAgICAgIENvcHktSXRlbSAtUGF0aCAkc291cmNlIC1EZXN0aW5hdGlvbiAkZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgICAgICAkZGlmZiArPSAiKyRkZXN0YG4iCgogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgIyB1Z2x5IGJ1dCB0byBzYXZlIHVzIGZyb20gcnVubmluZyB0aGUgY2hlY2tzdW0gdHdpY2UsIGxldCdzIHJldHVybiBpdCBmb3IKICAgICMgdGhlIG1haW4gY29kZSB0byBhZGQgaXQgdG8gJHJlc3VsdAogICAgcmV0dXJuICxAeyBkaWZmID0gJGRpZmY7IGNoZWNrc3VtID0gJHNvdXJjZV9jaGVja3N1bSB9Cn0KCkZ1bmN0aW9uIENvcHktRm9sZGVyKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9mb2xkZXIgPSAkZmFsc2UKCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgJHBhcmVudF9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRkZXN0KQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgZnJvbSAnJHNvdXJjZScgdG8gJyRkZXN0JzogZGVzdCBpcyBhbHJlYWR5IGEgZmlsZSIKICAgICAgICB9CgogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBDb250YWluZXIgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgJGRpZmYgKz0gIiskZGVzdFxgbiIKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQoKICAgICRjaGlsZF9pdGVtcyA9IEdldC1DaGlsZEl0ZW0gLVBhdGggJHNvdXJjZSAtRm9yY2UKICAgIGZvcmVhY2ggKCRjaGlsZF9pdGVtIGluICRjaGlsZF9pdGVtcykgewogICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfaXRlbS5OYW1lCiAgICAgICAgaWYgKCRjaGlsZF9pdGVtLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgJGRpZmYgKz0gKENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgIH0KICAgIH0KCiAgICByZXR1cm4gJGRpZmYKfQoKRnVuY3Rpb24gR2V0LUZpbGVTaXplKCRwYXRoKSB7CiAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRwYXRoIC1Gb3JjZQogICAgJHNpemUgPSAkbnVsbAogICAgaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAkZGlyX2ZpbGVzX3N1bSA9IEdldC1DaGlsZEl0ZW0gJGZpbGUuRnVsbE5hbWUgLVJlY3Vyc2UKICAgICAgICBpZiAoJGRpcl9maWxlc19zdW0gLWVxICRudWxsIC1vciAoJGRpcl9maWxlc19zdW0uUFNPYmplY3QuUHJvcGVydGllcy5uYW1lIC1jb250YWlucyAnbGVuZ3RoJyAtZXEgJGZhbHNlKSkgewogICAgICAgICAgICAkc2l6ZSA9IDAKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkc2l6ZSA9ICgkZGlyX2ZpbGVzX3N1bSB8IE1lYXN1cmUtT2JqZWN0IC1wcm9wZXJ0eSBsZW5ndGggLXN1bSkuU3VtCiAgICAgICAgfQogICAgfSBlbHNlIHsKICAgICAgICAkc2l6ZSA9ICRmaWxlLkxlbmd0aAogICAgfQoKICAgICRzaXplCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwKCRzcmMsICRkZXN0KSB7CiAgICAkYXJjaGl2ZSA9IFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZV06Ok9wZW4oJHNyYywgW1N5c3RlbS5JTy5Db21wcmVzc2lvbi5aaXBBcmNoaXZlTW9kZV06OlJlYWQsIFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjgpCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJGFyY2hpdmUuRW50cmllcykgewogICAgICAgICRhcmNoaXZlX25hbWUgPSAkZW50cnkuRnVsbE5hbWUKCiAgICAgICAgIyBGdWxsTmFtZSBtYXkgYmUgYXBwZW5kZWQgd2l0aCAvIG9yIFwsIGRldGVybWluZSBpZiBpdCBpcyBwYWRkZWQgYW5kIHJlbW92ZSBpdAogICAgICAgICRwYWRkaW5nX2xlbmd0aCA9ICRhcmNoaXZlX25hbWUuTGVuZ3RoICUgNAogICAgICAgIGlmICgkcGFkZGluZ19sZW5ndGggLWVxIDApIHsKICAgICAgICAgICAgJGlzX2RpciA9ICRmYWxzZQogICAgICAgICAgICAkYmFzZTY0X25hbWUgPSAkYXJjaGl2ZV9uYW1lCiAgICAgICAgfSBlbHNlaWYgKCRwYWRkaW5nX2xlbmd0aCAtZXEgMSkgewogICAgICAgICAgICAkaXNfZGlyID0gJHRydWUKICAgICAgICAgICAgaWYgKCRhcmNoaXZlX25hbWUuRW5kc1dpdGgoIi8iKSAtb3IgJGFyY2hpdmVfbmFtZS5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAgICAgJGJhc2U2NF9uYW1lID0gJGFyY2hpdmVfbmFtZS5TdWJzdHJpbmcoMCwgJGFyY2hpdmVfbmFtZS5MZW5ndGggLSAxKQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgdGhyb3cgImludmFsaWQgYmFzZTY0IGFyY2hpdmUgbmFtZSAnJGFyY2hpdmVfbmFtZSciCiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2UgewogICAgICAgICAgICB0aHJvdyAiaW52YWxpZCBiYXNlNjQgbGVuZ3RoICckYXJjaGl2ZV9uYW1lJyIKICAgICAgICB9CgogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGJhc2U2NF9uYW1lKSkKICAgICAgICAjIHJlLWFkZCB0aGUgLyB0byB0aGUgZW50cnkgZnVsbCBuYW1lIGlmIGl0IHdhcyBhIGRpcmVjdG9yeQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9ICIkZGVjb2RlZF9hcmNoaXZlX25hbWUvIgogICAgICAgIH0KICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX25hbWUpCiAgICAgICAgJGVudHJ5X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGVudHJ5X3RhcmdldF9wYXRoKQoKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRlbnRyeV9kaXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRlbnRyeV9kaXIgLUl0ZW1UeXBlIERpcmVjdG9yeSAtV2hhdElmOiRjaGVja19tb2RlIHwgT3V0LU51bGwKICAgICAgICB9CgogICAgICAgIGlmICgkaXNfZGlyIC1lcSAkZmFsc2UpIHsKICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrX21vZGUpIHsKICAgICAgICAgICAgICAgIFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZUV4dGVuc2lvbnNdOjpFeHRyYWN0VG9GaWxlKCRlbnRyeSwgJGVudHJ5X3RhcmdldF9wYXRoLCAkdHJ1ZSkKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KICAgICRhcmNoaXZlLkRpc3Bvc2UoKSAgIyByZWxlYXNlIHRoZSBoYW5kbGUgb2YgdGhlIHppcCBmaWxlCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwTGVnYWN5KCRzcmMsICRkZXN0KSB7CiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0KSkgewogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICB9CiAgICAkc2hlbGwgPSBOZXctT2JqZWN0IC1Db21PYmplY3QgU2hlbGwuQXBwbGljYXRpb24KICAgICR6aXAgPSAkc2hlbGwuTmFtZVNwYWNlKCRzcmMpCiAgICAkZGVzdF9wYXRoID0gJHNoZWxsLk5hbWVTcGFjZSgkZGVzdCkKCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJHppcC5JdGVtcygpKSB7CiAgICAgICAgJGlzX2RpciA9ICRlbnRyeS5Jc0ZvbGRlcgogICAgICAgICRlbmNvZGVkX2FyY2hpdmVfZW50cnkgPSAkZW50cnkuTmFtZQogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRlbmNvZGVkX2FyY2hpdmVfZW50cnkpKQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSAiJGRlY29kZWRfYXJjaGl2ZV9lbnRyeS8iCiAgICAgICAgfQoKICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX2VudHJ5KQogICAgICAgICRlbnRyeV9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRlbnRyeV90YXJnZXRfcGF0aCkKCiAgI ScriptBlock ID: 91bc0509-830a-4e68-9a69-ea83cd2f0c82 Path:	4104	1		3	2	15	0	399	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3980	2500	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:01 PM	ca610e00-1c3c-0001-1e11-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCns ScriptBlock ID: 91bc0509-830a-4e68-9a69-ea83cd2f0c82 Path:	4104	1		3	2	15	0	398	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3980	2500	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:01 PM	ca610e00-1c3c-0001-1e11-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	397	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3980	1164	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:01 PM	ca610e00-1c3c-0004-b910-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3980 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	396	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3980	3108	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:01 PM	ca610e00-1c3c-0004-b910-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	395	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3980	1164	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:01 PM	ca610e00-1c3c-0004-b910-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): begin { $path = 'C:\Users\Admin\AppData\Local\Temp\ansible-tmp-1644250258.65-8236042004482\source' $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 $fd = [System.IO.File]::Create($path) $sha1 = [System.Security.Cryptography.SHA1CryptoServiceProvider]::Create() $bytes = @() #initialize for empty file case } process { $bytes = [System.Convert]::FromBase64String($input) $sha1.TransformBlock($bytes, 0, $bytes.Length, $bytes, 0) | Out-Null $fd.Write($bytes, 0, $bytes.Length) } end { $sha1.TransformFinalBlock($bytes, 0, 0) | Out-Null $hash = [System.BitConverter]::ToString($sha1.Hash).Replace("-", "").ToLowerInvariant() $fd.Close() Write-Output "{""sha1"":""$hash""}" } ScriptBlock ID: fe43fc39-70c4-4cd2-98f9-06080bd4190b Path:	4104	1		3	2	15	0	394	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3380	176	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:01 PM	ca610e00-1c3c-0000-d510-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	393	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3380	168	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:00 PM	ca610e00-1c3c-0002-0b11-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3380 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	392	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3380	820	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:00 PM	ca610e00-1c3c-0002-0b11-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	391	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3380	168	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:00 PM	ca610e00-1c3c-0002-0b11-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: c71b8265-3317-4350-be68-5b2785720902 Path:	4104	1		3	2	15	0	390	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2960	664	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:00 PM	ca610e00-1c3c-0003-0310-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): ess' token. If a privilege has been removed from the process token, this will throw an InvalidOperationException. .EXAMPLE # enable a privilege Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $true # disable a privilege Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $false #> [CmdletBinding(SupportsShouldProcess)] param( [Parameter(Mandatory=$true)][String]$Name, [Parameter(Mandatory=$true)][bool]$Value ) $action = switch($Value) { $true { "Enable" } $false { "Disable" } } $current_state = Get-AnsiblePrivilege -Name $Name if ($current_state -eq $Value) { return # no change needs to occur } elseif ($null -eq $current_state) { # once a privilege is removed from a token we cannot do anything with it throw [System.InvalidOperationException] "Cannot $($action.ToLower()) the privilege '$Name' as it has been removed from the token" } $process_token = [Ansible.PrivilegeUtil.Privileges]::GetCurrentProcess() if ($PSCmdlet.ShouldProcess($Name, "$action the privilege $Name")) { $new_state = New-Object -TypeName 'System.Collections.Generic.Dictionary`2[[System.String], [System.Nullable`1[System.Boolean]]]' $new_state.Add($Name, $Value) [Ansible.PrivilegeUtil.Privileges]::SetTokenPrivileges($process_token, $new_state) > $null } } Export-ModuleMember -Function Import-PrivilegeUtil, Get-AnsiblePrivilege, Set-AnsiblePrivilege ` -Variable ansible_privilege_util_namespaces, ansible_privilege_util_code ScriptBlock ID: a166b7d1-b0cd-41e2-9d26-88cce303a073 Path:	4104	1		3	2	15	0	389	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2960	664	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:00 PM	ca610e00-1c3c-0003-ff0f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): # Copyright (c) 2018 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) # store in separate variables to make it easier for other module_utils to # share this code in their own c# code $ansible_privilege_util_namespaces = @( "Microsoft.Win32.SafeHandles", "System", "System.Collections.Generic", "System.Linq", "System.Runtime.InteropServices", "System.Security.Principal", "System.Text" ) $ansible_privilege_util_code = @' namespace Ansible.PrivilegeUtil { [Flags] public enum PrivilegeAttributes : uint { Disabled = 0x00000000, EnabledByDefault = 0x00000001, Enabled = 0x00000002, Removed = 0x00000004, UsedForAccess = 0x80000000, } internal class NativeHelpers { [StructLayout(LayoutKind.Sequential)] internal struct LUID { public UInt32 LowPart; public Int32 HighPart; } [StructLayout(LayoutKind.Sequential)] internal struct LUID_AND_ATTRIBUTES { public LUID Luid; public PrivilegeAttributes Attributes; } [StructLayout(LayoutKind.Sequential)] internal struct TOKEN_PRIVILEGES { public UInt32 PrivilegeCount; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)] public LUID_AND_ATTRIBUTES[] Privileges; } } internal class NativeMethods { [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool AdjustTokenPrivileges( IntPtr TokenHandle, [MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges, IntPtr NewState, UInt32 BufferLength, IntPtr PreviousState, out UInt32 ReturnLength); [DllImport("kernel32.dll")] internal static extern bool CloseHandle( IntPtr hObject); [DllImport("kernel32")] internal static extern SafeWaitHandle GetCurrentProcess(); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool GetTokenInformation( IntPtr TokenHandle, UInt32 TokenInformationClass, IntPtr TokenInformation, UInt32 TokenInformationLength, out UInt32 ReturnLength); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeName( string lpSystemName, ref NativeHelpers.LUID lpLuid, StringBuilder lpName, ref UInt32 cchName); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeValue( string lpSystemName, string lpName, out NativeHelpers.LUID lpLuid); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool OpenProcessToken( SafeHandle ProcessHandle, TokenAccessLevels DesiredAccess, out IntPtr TokenHandle); } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class Privileges { private static readonly UInt32 TOKEN_PRIVILEGES = 3; public static bool CheckPrivilegeName(string name) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, name, out luid)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name)); return false; } else { return true; } } public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } }); } public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token) { return AdjustTokenPrivileges(token, null); } public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } }); } public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token) { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken)) throw new Win32Exception("OpenProcessToken() failed"); Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>(); try { UInt32 tokenLength = 0; NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength); NativeHelpers.LUID_AND_ATTRIBUTES[] privileges; IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength); try { if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength)) throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed"); NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount]; PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount))); } finally { Marshal.FreeHGlobal(privilegesPtr); } info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes); } finally { NativeMethods.CloseHandle(hToken); } return info; } public static SafeWaitHandle GetCurrentProcess() { return NativeMethods.GetCurrentProcess(); } public static void RemovePrivilege(SafeHandle token, string privilege) { SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } }); } public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state) { NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count]; int i = 0; foreach (KeyValuePair<string, bool?> entry in state) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid)) throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key)); PrivilegeAttributes attributes; switch (entry.Value) { case true: attributes = PrivilegeAttributes.Enabled; break; case false: attributes = PrivilegeAttributes.Disabled; break; default: attributes = PrivilegeAttributes.Removed; break; } privilegeAttr[i].Luid = luid; privilegeAttr[i].Attributes = attributes; i++; } return AdjustTokenPrivileges(token, privilegeAttr); } private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState) { bool disableAllPrivileges; IntPtr newStatePtr; NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges; UInt32 returnLength; if (newState == null) { disableAllPrivileges = true; newStatePtr = IntPtr.Zero; } else { disableAllPrivileges = false; // Need to manually marshal the bytes requires for newState as the constant size // of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES // always contains at least 1 entry so we need to calculate the extra size if there are // nore than 1 LUID_AND_ATTRIBUTES entry int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES)); int luidAttrSize = 0; if (newState.Length > 1) luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1); int totalSize = tokenPrivilegesSize + luidAttrSize; byte[] newStateBytes = new byte[totalSize]; // get the first entry that includes the struct details NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES() { PrivilegeCount = (UInt32)newState.Length, Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1], }; if (newState.Length > 0) tokenPrivileges.Privileges[0] = newState[0]; int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0); // copy the remaining LUID_AND_ATTRIBUTES (if any) for (int i = 1; i < newState.Length; i++) offset += StructureToBytes(newState[i], newStateBytes, offset); // finally create the pointer to the byte array we just created newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length); Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length); } try { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken)) throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges"); try { IntPtr oldStatePtr = Marshal.AllocHGlobal(0); if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size"); } // resize the oldStatePtr based on the length returned from Windows Marshal.FreeHGlobal(oldStatePtr); oldStatePtr = Marshal.AllocHGlobal((int)returnLength); try { bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength); int errCode = Marshal.GetLastWin32Error(); // even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code if (!res || errCode != 0) throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed"); // Marshal the oldStatePtr to the struct NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount]; PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount))); } finally { Marshal.FreeHGlobal(oldStatePtr); } } finally { NativeMethods.CloseHandle(hToken); } } finally { if (newStatePtr != IntPtr.Zero) Marshal.FreeHGlobal(newStatePtr); } return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled)); } private static string GetPrivilegeName(NativeHelpers.LUID luid) { UInt32 nameLen = 0; NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen); StringBuilder name = new StringBuilder((int)(nameLen + 1)); if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen)) throw new Win32Exception("LookupPrivilegeName() failed"); return name.ToString(); } private static void PtrToStructureArray<T>(T[] array, IntPtr ptr) { IntPtr ptrOffset = ptr; for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T)))) array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T)); } private static int StructureToBytes<T>(T structure, byte[] array, int offset) { int size = Marshal.SizeOf(structure); IntPtr structPtr = Marshal.AllocHGlobal(size); try { Marshal.StructureToPtr(structure, structPtr, false); Marshal.Copy(structPtr, array, offset, size); } finally { Marshal.FreeHGlobal(structPtr); } return size; } } } '@ Function Import-PrivilegeUtil { <# .SYNOPSIS Compiles the C# code that can be used to manage Windows privileges from an Ansible module. Once this function is called, the following PowerShell cmdlets can be used; Get-AnsiblePrivilege Set-AnsiblePrivilege The above cmdlets give the ability to manage permissions on the current process token but the underlying .NET classes are also exposed for greater control. The following functions can be used by calling the .NET class [Ansible.PrivilegeUtil.Privileges]::CheckPrivilegeName($name) [Ansible.PrivilegeUtil.Privileges]::DisablePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::DisableAllPrivileges($process) [Ansible.PrivilegeUtil.Privileges]::EnablePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::GetAllPrivilegeInfo($process) [Ansible.PrivilegeUtil.Privileges]::RemovePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::SetTokenPrivileges($process, $new_state) Here is a brief explanation of each type of arg $process = The process handle to manipulate, use '[Ansible.PrivilegeUtils.Privileges]::GetCurrentProcess()' to get the current process handle $name = The name of the privilege, this is the constant value from https://docs.microsoft.com/en-us/windows/desktop/SecAuthZ/privilege-constants, e.g. SeAuditPrivilege $new_state = 'System.Collections.Generic.Dictionary`2[[System.String], [System.Nullable`1[System.Boolean]]]' The key is the constant name as a string, the value is a ternary boolean where true - will enable the privilege false - will disable the privilege null - will remove the privilege Each method that changes the privilege state will return a dictionary that can be used as the $new_state arg of SetTokenPrivileges to undo and revert back to the original state. If you remove a privilege then this is irreversible and won't be part of the returned dict #> [CmdletBinding()] # build the C# code to compile $namespace_import = ($ansible_privilege_util_namespaces | ForEach-Object { "using $_;" }) -join "`r`n" $platform_util = "$namespace_import`r`n`r`n$ansible_privilege_util_code" # FUTURE: find a better way to get the _ansible_remote_tmp variable # this is used to force csc to compile the C# code in the remote tmp # specified $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $platform_util $env:TMP = $original_tmp } Function Get-AnsiblePrivilege { <# .SYNOPSIS Get the status of a privilege for the current process. This returns $true - the privilege is enabled $false - the privilege is disabled $null - the privilege is removed from the token If Name is not a valid privilege name, this will throw an ArgumentException. .EXAMPLE Get-AnsiblePrivilege -Name SeDebugPrivilege #> [CmdletBinding()] param( [Parameter(Mandatory=$true)][String]$Name ) if (-not [Ansible.PrivilegeUtil.Privileges]::CheckPrivilegeName($Name)) { throw [System.ArgumentException] "Invalid privilege name '$Name'" } $process_token = [Ansible.PrivilegeUtil.Privileges]::GetCurrentProcess() $privilege_info = [Ansible.PrivilegeUtil.Privileges]::GetAllPrivilegeInfo($process_token) if ($privilege_info.ContainsKey($Name)) { $status = $privilege_info.$Name return $status.HasFlag([Ansible.PrivilegeUtil.PrivilegeAttributes]::Enabled) } else { return $null } } Function Set-AnsiblePrivilege { <# .SYNOPSIS Enables/Disables a privilege on the current proc ScriptBlock ID: a166b7d1-b0cd-41e2-9d26-88cce303a073 Path:	4104	1		3	2	15	0	388	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2960	664	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:00 PM	ca610e00-1c3c-0003-ff0f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) #Requires -Module Ansible.ModuleUtils.PrivilegeUtil Function Load-LinkUtils() { $link_util = @' using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.IO; using System.Runtime.InteropServices; using System.Text; namespace Ansible { public enum LinkType { SymbolicLink, JunctionPoint, HardLink } public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception { private string _msg; public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); } } public class LinkInfo { public LinkType Type { get; internal set; } public string PrintName { get; internal set; } public string SubstituteName { get; internal set; } public string AbsolutePath { get; internal set; } public string TargetPath { get; internal set; } public string[] HardTargets { get; internal set; } } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct REPARSE_DATA_BUFFER { public UInt32 ReparseTag; public UInt16 ReparseDataLength; public UInt16 Reserved; public UInt16 SubstituteNameOffset; public UInt16 SubstituteNameLength; public UInt16 PrintNameOffset; public UInt16 PrintNameLength; [MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)] public char[] PathBuffer; } public class LinkUtil { public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16; private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000; private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000; private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8; private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4; private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000; private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003; private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C; private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001; private const Int64 INVALID_HANDLE_VALUE = -1; private const UInt32 SIZE_OF_WCHAR = 2; private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000; private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001; [DllImport("kernel32.dll", CharSet = CharSet.Auto)] private static extern SafeFileHandle CreateFile( string lpFileName, [MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess, [MarshalAs(UnmanagedType.U4)] FileShare dwShareMode, IntPtr lpSecurityAttributes, [MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition, UInt32 dwFlagsAndAttributes, IntPtr hTemplateFile); // Used by GetReparsePointInfo() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, IntPtr lpInBuffer, UInt32 nInBufferSize, out REPARSE_DATA_BUFFER lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); // Used by CreateJunctionPoint() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, REPARSE_DATA_BUFFER lpInBuffer, UInt32 nInBufferSize, IntPtr lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool GetVolumePathName( string lpszFileName, StringBuilder lpszVolumePathName, ref UInt32 cchBufferLength); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern IntPtr FindFirstFileNameW( string lpFileName, UInt32 dwFlags, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool FindNextFileNameW( IntPtr hFindStream, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool FindClose( IntPtr hFindFile); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool RemoveDirectory( string lpPathName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeleteFile( string lpFileName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateSymbolicLink( string lpSymlinkFileName, string lpTargetFileName, UInt32 dwFlags); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateHardLink( string lpFileName, string lpExistingFileName, IntPtr lpSecurityAttributes); public static LinkInfo GetLinkInfo(string linkPath) { FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.ReparsePoint)) return GetReparsePointInfo(linkPath); if (!attr.HasFlag(FileAttributes.Directory)) return GetHardLinkInfo(linkPath); return null; } public static void DeleteLink(string linkPath) { bool success; FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.Directory)) { success = RemoveDirectory(linkPath); } else { success = DeleteFile(linkPath); } if (!success) throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath)); } public static void CreateLink(string linkPath, String linkTarget, LinkType linkType) { switch (linkType) { case LinkType.SymbolicLink: UInt32 linkFlags; FileAttributes attr = File.GetAttributes(linkTarget); if (attr.HasFlag(FileAttributes.Directory)) linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY; else linkFlags = SYMBOLIC_LINK_FLAG_FILE; if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags)) throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags)); break; case LinkType.JunctionPoint: CreateJunctionPoint(linkPath, linkTarget); break; case LinkType.HardLink: if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget)); break; } } private static LinkInfo GetHardLinkInfo(string linkPath) { UInt32 maxPath = 260; List<string> result = new List<string>(); StringBuilder sb = new StringBuilder((int)maxPath); UInt32 stringLength = maxPath; if (!GetVolumePathName(linkPath, sb, ref stringLength)) throw new LinkUtilWin32Exception("GetVolumePathName() failed"); string volume = sb.ToString(); stringLength = maxPath; IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb); if (findHandle.ToInt64() != INVALID_HANDLE_VALUE) { try { do { string hardLinkPath = sb.ToString(); if (hardLinkPath.StartsWith("\\")) hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1); result.Add(Path.Combine(volume, hardLinkPath)); stringLength = maxPath; } while (FindNextFileNameW(findHandle, ref stringLength, sb)); } finally { FindClose(findHandle); } } if (result.Count > 1) return new LinkInfo { Type = LinkType.HardLink, HardTargets = result.ToArray() }; return null; } private static LinkInfo GetReparsePointInfo(string linkPath) { SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Read, FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); UInt32 bytesReturned; try { if (!DeviceIoControl( fileHandle, FSCTL_GET_REPARSE_POINT, IntPtr.Zero, 0, out buffer, MAXIMUM_REPARSE_DATA_BUFFER_SIZE, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath)); } finally { fileHandle.Dispose(); } bool isRelative = false; int pathOffset = 0; LinkType linkType; if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK) { UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]); if (bufferFlags == SYMLINK_FLAG_RELATIVE) isRelative = true; pathOffset = 2; linkType = LinkType.SymbolicLink; } else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT) { linkType = LinkType.JunctionPoint; } else { string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString()); throw new Exception(errorMessage); } string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR)); string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR)); // TODO: should we check for \?\UNC\server for convert it to the NT style \\server path // Remove the leading Windows object directory \?\ from the path if present string targetPath = substituteName; if (targetPath.StartsWith("\\??\\")) targetPath = targetPath.Substring(4, targetPath.Length - 4); string absolutePath = targetPath; if (isRelative) absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath)); return new LinkInfo { Type = linkType, PrintName = printName, SubstituteName = substituteName, AbsolutePath = absolutePath, TargetPath = targetPath }; } private static void CreateJunctionPoint(string linkPath, string linkTarget) { // We need to create the link as a dir beforehand Directory.CreateDirectory(linkPath); SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Write, FileShare.Read | FileShare.Write | FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); try { string substituteName = "\\??\\" + Path.GetFullPath(linkTarget); string printName = linkTarget; REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); buffer.SubstituteNameOffset = 0; buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR); buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2); buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR); buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT; buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12); buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE]; byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName); char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes); Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length); UInt32 bytesReturned; if (!DeviceIoControl( fileHandle, FSCTL_SET_REPARSE_POINT, buffer, (UInt32)(buffer.ReparseDataLength + 8), IntPtr.Zero, 0, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget)); } finally { fileHandle.Dispose(); } } } } '@ # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $link_util $env:TMP = $original_tmp Import-PrivilegeUtil # enable the SeBackupPrivilege if it is disabled $state = Get-AnsiblePrivilege -Name SeBackupPrivilege if ($state -eq $false) { Set-AnsiblePrivilege -Name SeBackupPrivilege -Value $true } } Function Get-Link($link_path) { $link_info = [Ansible.LinkUtil]::GetLinkInfo($link_path) return $link_info } Function Remove-Link($link_path) { [Ansible.LinkUtil]::DeleteLink($link_path) } Function New-Link($link_path, $link_target, $link_type) { if (-not (Test-Path -Path $link_target)) { throw "link_target '$link_target' does not exist, cannot create link" } switch($link_type) { "link" { $type = [Ansible.LinkType]::SymbolicLink } "junction" { if (Test-Path -Path $link_target -PathType Leaf) { throw "cannot set the target for a junction point to a file" } $type = [Ansible.LinkType]::JunctionPoint } "hard" { if (Test-Path -Path $link_target -PathType Container) { throw "cannot set the target for a hard link to a directory" } $type = [Ansible.LinkType]::HardLink } default { throw "invalid link_type option $($link_type): expecting link, junction, hard" } } [Ansible.LinkUtil]::CreateLink($link_path, $link_target, $type) } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 4d48adb2-bf5a-4dbc-acb7-923af6539973 Path:	4104	1		3	2	15	0	387	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2960	664	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:11:00 PM	ca610e00-1c3c-0001-0711-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 3c3e4676-6801-4149-ab7f-26e49c71ea61 Path:	4104	1		3	2	15	0	386	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2960	664	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:59 PM	ca610e00-1c3c-0003-f80f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (6 of 6): = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 75b7cda9-a4a6-41b8-a983-94b59be8ddd0 Path:	4104	1		3	2	15	0	385	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2960	664	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:59 PM	ca610e00-1c3c-0001-f910-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 6): KICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5GaWxlVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxpbmtVdGlsCgpmdW5jdGlvbiBEYXRlVG8tVGltZXN0YW1wKCRzdGFydF9kYXRlLCAkZW5kX2RhdGUpIHsKICAgIGlmICgkc3RhcnRfZGF0ZSAtYW5kICRlbmRfZGF0ZSkgewogICAgICAgIHJldHVybiAoTmV3LVRpbWVTcGFuIC1TdGFydCAkc3RhcnRfZGF0ZSAtRW5kICRlbmRfZGF0ZSkuVG90YWxTZWNvbmRzCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCgokcGF0aCA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJwYXRoIiAtdHlwZSAicGF0aCIgLWZhaWxpZmVtcHR5ICR0cnVlIC1hbGlhc2VzICJkZXN0IiwibmFtZSIKJGdldF9tZDUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZ2V0X21kNSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQokZ2V0X2NoZWNrc3VtID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgImdldF9jaGVja3N1bSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCiRjaGVja3N1bV9hbGdvcml0aG0gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hlY2tzdW1fYWxnb3JpdGhtIiAtdHlwZSAic3RyIiAtZGVmYXVsdCAic2hhMSIgLXZhbGlkYXRlc2V0ICJtZDUiLCJzaGExIiwic2hhMjU2Iiwic2hhMzg0Iiwic2hhNTEyIgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCiAgICBzdGF0ID0gQHsKICAgICAgICBleGlzdHMgPSAkZmFsc2UKICAgIH0KfQoKIyBnZXRfbWQ1IHdpbGwgYmUgYW4gdW5kb2N1bWVudGVkIG9wdGlvbiBpbiAyLjkgdG8gYmUgcmVtb3ZlZCBhdCBhIGxhdGVyCiMgZGF0ZSBpZiBwb3NzaWJsZSAoMy4wKykKaWYgKEdldC1NZW1iZXIgLWlucHV0b2JqZWN0ICRwYXJhbXMgLW5hbWUgImdldF9tZDUiKSB7CiAgICBBZGQtRGVwcmVhY3Rpb25XYXJuaW5nIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiZ2V0X21kNSBoYXMgYmVlbiBkZXByZWNhdGVkIGFsb25nIHdpdGggdGhlIG1kNSByZXR1cm4gdmFsdWUsIHVzZSBnZXRfY2hlY2tzdW09VHJ1ZSBhbmQgY2hlY2tzdW1fYWxnb3JpdGhtPW1kNSBpbnN0ZWFkIiAtdmVyc2lvbiAyLjkKfQoKJGluZm8gPSBHZXQtQW5zaWJsZUl0ZW0gLVBhdGggJHBhdGggLUVycm9yQWN0aW9uIFNpbGVudGx5Q29udGludWUKSWYgKCRpbmZvIC1uZSAkbnVsbCkgewogICAgJGVwb2NoX2RhdGUgPSBHZXQtRGF0ZSAtRGF0ZSAiMDEvMDEvMTk3MCIKICAgICRhdHRyaWJ1dGVzID0gQCgpCiAgICBmb3JlYWNoICgkYXR0cmlidXRlIGluICgkaW5mby5BdHRyaWJ1dGVzIC1zcGxpdCAnLCcpKSB7CiAgICAgICAgJGF0dHJpYnV0ZXMgKz0gJGF0dHJpYnV0ZS5UcmltKCkKICAgIH0KCiAgICAjIGRlZmF1bHQgdmFsdWVzIHRoYXQgYXJlIGFsd2F5cyBzZXQsIHNwZWNpZmljIHZhbHVlcyBhcmUgc2V0IGJlbG93IHRoaXMKICAgICMgYnV0IGFyZSBrZXB0IGNvbW1lbnRlZCBmb3IgZWFzaWVyIHJlYWRhYmlsaXR5CiAgICAkc3RhdCA9IEB7CiAgICAgICAgZXhpc3RzID0gJHRydWUKICAgICAgICBhdHRyaWJ1dGVzID0gJGluZm8uQXR0cmlidXRlcy5Ub1N0cmluZygpCiAgICAgICAgaXNhcmNoaXZlID0gKCRhdHRyaWJ1dGVzIC1jb250YWlucyAiQXJjaGl2ZSIpCiAgICAgICAgaXNkaXIgPSAkZmFsc2UKICAgICAgICBpc2hpZGRlbiA9ICgkYXR0cmlidXRlcyAtY29udGFpbnMgIkhpZGRlbiIpCiAgICAgICAgaXNqdW5jdGlvbiA9ICRmYWxzZQogICAgICAgIGlzbG5rID0gJGZhbHNlCiAgICAgICAgaXNyZWFkb25seSA9ICgkYXR0cmlidXRlcyAtY29udGFpbnMgIlJlYWRPbmx5IikKICAgICAgICBpc3JlZyA9ICRmYWxzZQogICAgICAgIGlzc2hhcmVkID0gJGZhbHNlCiAgICAgICAgbmxpbmsgPSAxICAjIE51bWJlciBvZiBsaW5rcyB0byB0aGUgZmlsZSAoaGFyZCBsaW5rcyksIG92ZXJyaWRlbiBiZWxvdyBpZiBpc2xuawogICAgICAgICMgbG5rX3RhcmdldCA9IGlzbG5rIG9yIGlzanVuY3Rpb24gVGFyZ2V0IG9mIHRoZSBzeW1saW5rLiBOb3RlIHRoYXQgcmVsYXRpdmUgcGF0aHMgcmVtYWluIHJlbGF0aXZlCiAgICAgICAgIyBsbmtfc291cmNlID0gaXNsbmsgb3MgaXNqdW5jdGlvbiBUYXJnZXQgb2YgdGhlIHN5bWxpbmsgbm9ybWFsaXplZCBmb3IgdGhlIHJlbW90ZSBmaWxlc3lzdGVtCiAgICAgICAgaGxua190YXJnZXRzID0gQCgpCiAgICAgICAgY3JlYXRpb250aW1lID0gKERhdGVUby1UaW1lc3RhbXAgLXN0YXJ0X2RhdGUgJGVwb2NoX2RhdGUgLWVuZF9kYXRlICRpbmZvLkNyZWF0aW9uVGltZSkKICAgICAgICBsYXN0YWNjZXNzdGltZSA9IChEYXRlVG8tVGltZXN0YW1wIC1zdGFydF9kYXRlICRlcG9jaF9kYXRlIC1lbmRfZGF0ZSAkaW5mby5MYXN0QWNjZXNzVGltZSkKICAgICAgICBsYXN0d3JpdGV0aW1lID0gKERhdGVUby1UaW1lc3RhbXAgLXN0YXJ0X2RhdGUgJGVwb2NoX2RhdGUgLWVuZF9kYXRlICRpbmZvLkxhc3RXcml0ZVRpbWUpCiAgICAgICAgIyBzaXplID0gYSBmaWxlIGFuZCBkaXJlY3RvcnkgLSBjYWxjdWxhdGVkIGJlbG93CiAgICAgICAgcGF0aCA9ICRpbmZvLkZ1bGxOYW1lCiAgICAgICAgZmlsZW5hbWUgPSAkaW5mby5OYW1lCiAgICAgICAgIyBleHRlbnNpb24gPSBhIGZpbGUKICAgICAgICAjIG93bmVyID0gc2V0IG91dHNpdGUgdGhpcyBkaWN0IGluIGNhc2UgaXQgZmFpbHMKICAgICAgICAjIHNoYXJlbmFtZSA9IGEgZGlyZWN0b3J5IGFuZCBpc3NoYXJlZCBpcyBUcnVlCiAgICAgICAgIyBjaGVja3N1bSA9IGEgZmlsZSBhbmQgZ2V0X2NoZWNrc3VtOiBUcnVlCiAgICAgICAgIyBtZDUgPSBhIGZpbGUgYW5kIGdldF9tZDU6IFRydWUKICAgIH0KICAgICRzdGF0Lm93bmVyID0gJGluZm8uR2V0QWNjZXNzQ29udHJvbCgpLk93bmVyCgogICAgIyB2YWx1ZXMgdGhhdCBhcmUgc2V0IGFjY29yZGluZyB0byB0aGUgdHlwZSBvZiBmaWxlCiAgICBpZiAoJGluZm8uQXR0cmlidXRlcy5IYXNGbGFnKFtTeXN0ZW0uSU8uRmlsZUF0dHJpYnV0ZXNdOjpEaXJlY3RvcnkpKSB7CiAgICAgICAgJHN0YXQuaXNkaXIgPSAkdHJ1ZQogICAgICAgICRzaGFyZV9pbmZvID0gR2V0LVdtaU9iamVjdCAtQ2xhc3MgV2luMzJfU2hhcmUgLUZpbHRlciAiUGF0aD0nJCgkc3RhdC5wYXRoIC1yZXBsYWNlICdcXCcsICdcXCcpJyIKICAgICAgICBpZiAoJHNoYXJlX2luZm8gLW5lICRudWxsKSB7CiAgICAgICAgICAgICRzdGF0Lmlzc2hhcmVkID0gJHRydWUKICAgICAgICAgICAgJHN0YXQuc2hhcmVuYW1lID0gJHNoYXJlX2luZm8uTmFtZQogICAgICAgIH0KCiAgICAgICAgdHJ5IHsKICAgICAgICAgICAgJHNpemUgPSAwCiAgICAgICAgICAgIGZvcmVhY2ggKCRmaWxlIGluICRpbmZvLkVudW1lcmF0ZUZpbGVzKCIqIiwgW1N5c3RlbS5JTy5TZWFyY2hPcHRpb25dOjpBbGxEaXJlY3RvcmllcykpIHsKICAgICAgICAgICAgICAgICRzaXplICs9ICRmaWxlLkxlbmd0aAogICAgICAgICAgICB9CiAgICAgICAgICAgICRzdGF0LnNpemUgPSAkc2l6ZQogICAgICAgIH0gY2F0Y2ggewogICAgICAgICAgICAkc3RhdC5zaXplID0gMAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHN0YXQuZXh0ZW5zaW9uID0gJGluZm8uRXh0ZW5zaW9uCiAgICAgICAgJHN0YXQuaXNyZWcgPSAkdHJ1ZQogICAgICAgICRzdGF0LnNpemUgPSAkaW5mby5MZW5ndGgKCiAgICAgICAgaWYgKCRnZXRfbWQ1KSB7CiAgICAgICAgICAgIHRyeSB7CiAgICAgICAgICAgICAgICAkc3RhdC5tZDUgPSBHZXQtRmlsZUNoZWNrc3VtIC1wYXRoICRwYXRoIC1hbGdvcml0aG0gIm1kNSIKICAgICAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJmYWlsZWQgdG8gZ2V0IE1ENSBoYXNoIG9mIGZpbGUsIHJlbW92ZSBnZXRfbWQ1IHRvIGlnbm9yZSB0aGlzIGVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgICAgICAgICAgfQogICAgICAgIH0KICAgICAgICBpZiAoJGdldF9jaGVja3N1bSkgewogICAgICAgICAgICB0cnkgewogICAgICAgICAgICAgICAgJHN0YXQuY2hlY2tzdW0gPSBHZXQtRmlsZUNoZWNrc3VtIC1wYXRoICRwYXRoIC1hbGdvcml0aG0gJGNoZWNrc3VtX2FsZ29yaXRobQogICAgICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImZhaWxlZCB0byBnZXQgaGFzaCBvZiBmaWxlLCBzZXQgZ2V0X2NoZWNrc3VtIHRvIEZhbHNlIHRvIGlnbm9yZSB0aGlzIGVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KCiAgICAjIEdldCBzeW1ib2xpYyBsaW5rLCBqdW5jdGlvbiBwb2ludCwgaGFyZCBsaW5rIGluZm8KICAgIExvYWQtTGlua1V0aWxzCiAgICB0cnkgewogICAgICAgICRsaW5rX2luZm8gPSBHZXQtTGluayAtbGlua19wYXRoICRpbmZvLkZ1bGxOYW1lCiAgICB9IGNhdGNoIHsKICAgICAgICBBZGQtV2FybmluZyAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkZhaWxlZCB0byBjaGVjay9nZXQgbGluayBpbmZvIGZvciBmaWxlOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgIH0KICAgIGlmICgkbGlua19pbmZvIC1uZSAkbnVsbCkgewogICAgICAgIHN3aXRjaCAoJGxpbmtfaW5mby5UeXBlKSB7CiAgICAgICAgICAgICJTeW1ib2xpY0xpbmsiIHsKICAgICAgICAgICAgICAgICRzdGF0LmlzbG5rID0gJHRydWUKICAgICAgICAgICAgICAgICRzdGF0LmlzcmVnID0gJGZhbHNlCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfdGFyZ2V0ID0gJGxpbmtfaW5mby5UYXJnZXRQYXRoCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfc291cmNlID0gJGxpbmtfaW5mby5BYnNvbHV0ZVBhdGggICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgICAgICJKdW5jdGlvblBvaW50IiB7CiAgICAgICAgICAgICAgICAkc3RhdC5pc2p1bmN0aW9uID0gJHRydWUKICAgICAgICAgICAgICAgICRzdGF0LmlzcmVnID0gJGZhbHNlCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfdGFyZ2V0ID0gJGxpbmtfaW5mby5UYXJnZXRQYXRoCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfc291cmNlID0gJGxpbmtfaW5mby5BYnNvbHV0ZVBhdGggICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgICAgICJIYXJkTGluayIgewogICAgICAgICAgICAgICAgJHN0YXQubG5rX3R5cGUgPSAiaGFyZCIKICAgICAgICAgICAgICAgICRzdGF0Lm5saW5rID0gJGxpbmtfaW5mby5IYXJkVGFyZ2V0cy5Db3VudAoKICAgICAgICAgICAgICAgICMgcmVtb3ZlIGN1cnJlbnQgcGF0aCBmcm9tIHRoZSB0YXJnZXRzCiAgICAgICAgICAgICAgICAkaGxua190YXJnZXRzID0gJGxpbmtfaW5mby5IYXJkVGFyZ2V0cyB8IFdoZXJlLU9iamVjdCB7ICRfIC1uZSAkc3RhdC5wYXRoIH0KICAgICAgICAgICAgICAgICRzdGF0LmhsbmtfdGFyZ2V0cyA9IEAoJGhsbmtfdGFyZ2V0cykKICAgICAgICAgICAgICAgIGJyZWFrCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9CgogICAgJHJlc3VsdC5zdGF0ID0gJHN0YXQKfQoKRXhpdC1Kc29uICRyZXN1bHQK", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "stat", "_ansible_debug": false, "_ansible_verbosity": 3, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_shell_executable": "/bin/sh", "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "get_checksum": true, "_ansible_check_mode": false, "checksum_algo": "sha1", "follow": false, "path": "C:\\eventlogcss.txt", "_ansible_tmpdir": "'C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1644250258.65-8236042004482'"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version ScriptBlock ID: 75b7cda9-a4a6-41b8-a983-94b59be8ddd0 Path:	4104	1		3	2	15	0	384	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2960	664	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:59 PM	ca610e00-1c3c-0001-f910-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 6): kZFUiBidWZmZXIgPSBuZXcgUkVQQVJTRV9EQVRBX0JVRkZFUigpOwogICAgICAgICAgICAgICAgYnVmZmVyLlN1YnN0aXR1dGVOYW1lT2Zmc2V0ID0gMDsKICAgICAgICAgICAgICAgIGJ1ZmZlci5TdWJzdGl0dXRlTmFtZUxlbmd0aCA9IChVSW50MTYpKHN1YnN0aXR1dGVOYW1lLkxlbmd0aCAqIFNJWkVfT0ZfV0NIQVIpOwogICAgICAgICAgICAgICAgYnVmZmVyLlByaW50TmFtZU9mZnNldCA9IChVSW50MTYpKGJ1ZmZlci5TdWJzdGl0dXRlTmFtZUxlbmd0aCArIDIpOwogICAgICAgICAgICAgICAgYnVmZmVyLlByaW50TmFtZUxlbmd0aCA9IChVSW50MTYpKHByaW50TmFtZS5MZW5ndGggKiBTSVpFX09GX1dDSEFSKTsKCiAgICAgICAgICAgICAgICBidWZmZXIuUmVwYXJzZVRhZyA9IElPX1JFUEFSU0VfVEFHX01PVU5UX1BPSU5UOwogICAgICAgICAgICAgICAgYnVmZmVyLlJlcGFyc2VEYXRhTGVuZ3RoID0gKFVJbnQxNikoYnVmZmVyLlN1YnN0aXR1dGVOYW1lTGVuZ3RoICsgYnVmZmVyLlByaW50TmFtZUxlbmd0aCArIDEyKTsKICAgICAgICAgICAgICAgIGJ1ZmZlci5QYXRoQnVmZmVyID0gbmV3IGNoYXJbTUFYSU1VTV9SRVBBUlNFX0RBVEFfQlVGRkVSX1NJWkVdOwoKICAgICAgICAgICAgICAgIGJ5dGVbXSB1bmljb2RlQnl0ZXMgPSBFbmNvZGluZy5Vbmljb2RlLkdldEJ5dGVzKHN1YnN0aXR1dGVOYW1lICsgIlwwIiArIHByaW50TmFtZSk7CiAgICAgICAgICAgICAgICBjaGFyW10gcGF0aEJ1ZmZlciA9IEVuY29kaW5nLlVuaWNvZGUuR2V0Q2hhcnModW5pY29kZUJ5dGVzKTsKICAgICAgICAgICAgICAgIEFycmF5LkNvcHkocGF0aEJ1ZmZlciwgYnVmZmVyLlBhdGhCdWZmZXIsIHBhdGhCdWZmZXIuTGVuZ3RoKTsKCiAgICAgICAgICAgICAgICBVSW50MzIgYnl0ZXNSZXR1cm5lZDsKICAgICAgICAgICAgICAgIGlmICghRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUsCiAgICAgICAgICAgICAgICAgICAgRlNDVExfU0VUX1JFUEFSU0VfUE9JTlQsCiAgICAgICAgICAgICAgICAgICAgYnVmZmVyLAogICAgICAgICAgICAgICAgICAgIChVSW50MzIpKGJ1ZmZlci5SZXBhcnNlRGF0YUxlbmd0aCArIDgpLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLCAwLAogICAgICAgICAgICAgICAgICAgIG91dCBieXRlc1JldHVybmVkLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJEZXZpY2VJb0NvbnRyb2woKSBmYWlsZWQgdG8gY3JlYXRlIGp1bmN0aW9uIHBvaW50IGF0IHswfSB0byB7MX0iLCBsaW5rUGF0aCwgbGlua1RhcmdldCkpOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgZmlsZUhhbmRsZS5EaXNwb3NlKCk7CiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9Cn0KJ0AKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRsaW5rX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAoKICAgIEltcG9ydC1Qcml2aWxlZ2VVdGlsCiAgICAjIGVuYWJsZSB0aGUgU2VCYWNrdXBQcml2aWxlZ2UgaWYgaXQgaXMgZGlzYWJsZWQKICAgICRzdGF0ZSA9IEdldC1BbnNpYmxlUHJpdmlsZWdlIC1OYW1lIFNlQmFja3VwUHJpdmlsZWdlCiAgICBpZiAoJHN0YXRlIC1lcSAkZmFsc2UpIHsKICAgICAgICBTZXQtQW5zaWJsZVByaXZpbGVnZSAtTmFtZSBTZUJhY2t1cFByaXZpbGVnZSAtVmFsdWUgJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUxpbmsoJGxpbmtfcGF0aCkgewogICAgJGxpbmtfaW5mbyA9IFtBbnNpYmxlLkxpbmtVdGlsXTo6R2V0TGlua0luZm8oJGxpbmtfcGF0aCkKICAgIHJldHVybiAkbGlua19pbmZvCn0KCkZ1bmN0aW9uIFJlbW92ZS1MaW5rKCRsaW5rX3BhdGgpIHsKICAgIFtBbnNpYmxlLkxpbmtVdGlsXTo6RGVsZXRlTGluaygkbGlua19wYXRoKQp9CgpGdW5jdGlvbiBOZXctTGluaygkbGlua19wYXRoLCAkbGlua190YXJnZXQsICRsaW5rX3R5cGUpIHsKICAgIGlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGxpbmtfdGFyZ2V0KSkgewogICAgICAgIHRocm93ICJsaW5rX3RhcmdldCAnJGxpbmtfdGFyZ2V0JyBkb2VzIG5vdCBleGlzdCwgY2Fubm90IGNyZWF0ZSBsaW5rIgogICAgfQogICAgCiAgICBzd2l0Y2goJGxpbmtfdHlwZSkgewogICAgICAgICJsaW5rIiB7CiAgICAgICAgICAgICR0eXBlID0gW0Fuc2libGUuTGlua1R5cGVdOjpTeW1ib2xpY0xpbmsKICAgICAgICB9CiAgICAgICAgImp1bmN0aW9uIiB7CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGxpbmtfdGFyZ2V0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgICAgICB0aHJvdyAiY2Fubm90IHNldCB0aGUgdGFyZ2V0IGZvciBhIGp1bmN0aW9uIHBvaW50IHRvIGEgZmlsZSIKICAgICAgICAgICAgfQogICAgICAgICAgICAkdHlwZSA9IFtBbnNpYmxlLkxpbmtUeXBlXTo6SnVuY3Rpb25Qb2ludAogICAgICAgIH0KICAgICAgICAiaGFyZCIgewogICAgICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRsaW5rX3RhcmdldCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgICAgICB0aHJvdyAiY2Fubm90IHNldCB0aGUgdGFyZ2V0IGZvciBhIGhhcmQgbGluayB0byBhIGRpcmVjdG9yeSIKICAgICAgICAgICAgfQogICAgICAgICAgICAkdHlwZSA9IFtBbnNpYmxlLkxpbmtUeXBlXTo6SGFyZExpbmsKICAgICAgICB9CiAgICAgICAgZGVmYXVsdCB7IHRocm93ICJpbnZhbGlkIGxpbmtfdHlwZSBvcHRpb24gJCgkbGlua190eXBlKTogZXhwZWN0aW5nIGxpbmssIGp1bmN0aW9uLCBoYXJkIiB9CiAgICB9CiAgICBbQW5zaWJsZS5MaW5rVXRpbF06OkNyZWF0ZUxpbmsoJGxpbmtfcGF0aCwgJGxpbmtfdGFyZ2V0LCAkdHlwZSkKfQoKIyB0aGlzIGxpbmUgbXVzdCBzdGF5IGF0IHRoZSBib3R0b20gdG8gZW5zdXJlIGFsbCBkZWZpbmVkIG1vZHVsZSBwYXJ0cyBhcmUgZXhwb3J0ZWQKRXhwb3J0LU1vZHVsZU1lbWJlciAtQWxpYXMgKiAtRnVuY3Rpb24gKiAtQ21kbGV0ICoK", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXM ScriptBlock ID: 75b7cda9-a4a6-41b8-a983-94b59be8ddd0 Path:	4104	1		3	2	15	0	383	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2960	664	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:59 PM	ca610e00-1c3c-0001-f910-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 6): SB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZyBBYnNvbHV0ZVBhdGggeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIHB1YmxpYyBzdHJpbmcgVGFyZ2V0UGF0aCB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZ1tdIEhhcmRUYXJnZXRzIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgIH0KCiAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICBwdWJsaWMgc3RydWN0IFJFUEFSU0VfREFUQV9CVUZGRVIKICAgIHsKICAgICAgICBwdWJsaWMgVUludDMyIFJlcGFyc2VUYWc7CiAgICAgICAgcHVibGljIFVJbnQxNiBSZXBhcnNlRGF0YUxlbmd0aDsKICAgICAgICBwdWJsaWMgVUludDE2IFJlc2VydmVkOwogICAgICAgIHB1YmxpYyBVSW50MTYgU3Vic3RpdHV0ZU5hbWVPZmZzZXQ7CiAgICAgICAgcHVibGljIFVJbnQxNiBTdWJzdGl0dXRlTmFtZUxlbmd0aDsKICAgICAgICBwdWJsaWMgVUludDE2IFByaW50TmFtZU9mZnNldDsKICAgICAgICBwdWJsaWMgVUludDE2IFByaW50TmFtZUxlbmd0aDsKCiAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkJ5VmFsQXJyYXksIFNpemVDb25zdCA9IExpbmtVdGlsLk1BWElNVU1fUkVQQVJTRV9EQVRBX0JVRkZFUl9TSVpFKV0KICAgICAgICBwdWJsaWMgY2hhcltdIFBhdGhCdWZmZXI7CiAgICB9CgogICAgcHVibGljIGNsYXNzIExpbmtVdGlsCiAgICB7CiAgICAgICAgcHVibGljIGNvbnN0IGludCBNQVhJTVVNX1JFUEFSU0VfREFUQV9CVUZGRVJfU0laRSA9IDEwMjQgKiAxNjsKCiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgRklMRV9GTEFHX0JBQ0tVUF9TRU1BTlRJQ1MgPSAweDAyMDAwMDAwOwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIEZJTEVfRkxBR19PUEVOX1JFUEFSU0VfUE9JTlQgPSAweDAwMjAwMDAwOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBGU0NUTF9HRVRfUkVQQVJTRV9QT0lOVCA9IDB4MDAwOTAwQTg7CiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgRlNDVExfU0VUX1JFUEFSU0VfUE9JTlQgPSAweDAwMDkwMEE0OwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIEZJTEVfREVWSUNFX0ZJTEVfU1lTVEVNID0gMHgwMDA5MDAwMDsKCiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgSU9fUkVQQVJTRV9UQUdfTU9VTlRfUE9JTlQgPSAweEEwMDAwMDAzOwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIElPX1JFUEFSU0VfVEFHX1NZTUxJTksgPSAweEEwMDAwMDBDOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBTWU1MSU5LX0ZMQUdfUkVMQVRJVkUgPSAweDAwMDAwMDAxOwoKICAgICAgICBwcml2YXRlIGNvbnN0IEludDY0IElOVkFMSURfSEFORExFX1ZBTFVFID0gLTE7CgogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIFNJWkVfT0ZfV0NIQVIgPSAyOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBTWU1CT0xJQ19MSU5LX0ZMQUdfRklMRSA9IDB4MDAwMDAwMDA7CiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgU1lNQk9MSUNfTElOS19GTEFHX0RJUkVDVE9SWSA9IDB4MDAwMDAwMDE7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBTYWZlRmlsZUhhbmRsZSBDcmVhdGVGaWxlKAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLlU0KV0gRmlsZUFjY2VzcyBkd0Rlc2lyZWRBY2Nlc3MsCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5VNCldIEZpbGVTaGFyZSBkd1NoYXJlTW9kZSwKICAgICAgICAgICAgSW50UHRyIGxwU2VjdXJpdHlBdHRyaWJ1dGVzLAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuVTQpXSBGaWxlTW9kZSBkd0NyZWF0aW9uRGlzcG9zaXRpb24sCiAgICAgICAgICAgIFVJbnQzMiBkd0ZsYWdzQW5kQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGhUZW1wbGF0ZUZpbGUpOwoKICAgICAgICAvLyBVc2VkIGJ5IEdldFJlcGFyc2VQb2ludEluZm8oKQogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIERldmljZUlvQ29udHJvbCgKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaERldmljZSwKICAgICAgICAgICAgVUludDMyIGR3SW9Db250cm9sQ29kZSwKICAgICAgICAgICAgSW50UHRyIGxwSW5CdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuSW5CdWZmZXJTaXplLAogICAgICAgICAgICBvdXQgUkVQQVJTRV9EQVRBX0JVRkZFUiBscE91dEJ1ZmZlciwKICAgICAgICAgICAgVUludDMyIG5PdXRCdWZmZXJTaXplLAogICAgICAgICAgICBvdXQgVUludDMyIGxwQnl0ZXNSZXR1cm5lZCwKICAgICAgICAgICAgSW50UHRyIGxwT3ZlcmxhcHBlZCk7CgogICAgICAgIC8vIFVzZWQgYnkgQ3JlYXRlSnVuY3Rpb25Qb2ludCgpCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIGJvb2wgRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICBTYWZlRmlsZUhhbmRsZSBoRGV2aWNlLAogICAgICAgICAgICBVSW50MzIgZHdJb0NvbnRyb2xDb2RlLAogICAgICAgICAgICBSRVBBUlNFX0RBVEFfQlVGRkVSIGxwSW5CdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuSW5CdWZmZXJTaXplLAogICAgICAgICAgICBJbnRQdHIgbHBPdXRCdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuT3V0QnVmZmVyU2l6ZSwKICAgICAgICAgICAgb3V0IFVJbnQzMiBscEJ5dGVzUmV0dXJuZWQsCiAgICAgICAgICAgIEludFB0ciBscE92ZXJsYXBwZWQpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBHZXRWb2x1bWVQYXRoTmFtZSgKICAgICAgICAgICAgc3RyaW5nIGxwc3pGaWxlTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscHN6Vm9sdW1lUGF0aE5hbWUsCiAgICAgICAgICAgIHJlZiBVSW50MzIgY2NoQnVmZmVyTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIEludFB0ciBGaW5kRmlyc3RGaWxlTmFtZVcoCiAgICAgICAgICAgIHN0cmluZyBscEZpbGVOYW1lLAogICAgICAgICAgICBVSW50MzIgZHdGbGFncywKICAgICAgICAgICAgcmVmIFVJbnQzMiBTdHJpbmdMZW5ndGgsCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgTGlua05hbWUpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBGaW5kTmV4dEZpbGVOYW1lVygKICAgICAgICAgICAgSW50UHRyIGhGaW5kU3RyZWFtLAogICAgICAgICAgICByZWYgVUludDMyIFN0cmluZ0xlbmd0aCwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBMaW5rTmFtZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEZpbmRDbG9zZSgKICAgICAgICAgICAgSW50UHRyIGhGaW5kRmlsZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIFJlbW92ZURpcmVjdG9yeSgKICAgICAgICAgICAgc3RyaW5nIGxwUGF0aE5hbWUpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBEZWxldGVGaWxlKAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIENyZWF0ZVN5bWJvbGljTGluaygKICAgICAgICAgICAgc3RyaW5nIGxwU3ltbGlua0ZpbGVOYW1lLAogICAgICAgICAgICBzdHJpbmcgbHBUYXJnZXRGaWxlTmFtZSwKICAgICAgICAgICAgVUludDMyIGR3RmxhZ3MpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVIYXJkTGluaygKICAgICAgICAgICAgc3RyaW5nIGxwRmlsZU5hbWUsCiAgICAgICAgICAgIHN0cmluZyBscEV4aXN0aW5nRmlsZU5hbWUsCiAgICAgICAgICAgIEludFB0ciBscFNlY3VyaXR5QXR0cmlidXRlcyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgTGlua0luZm8gR2V0TGlua0luZm8oc3RyaW5nIGxpbmtQYXRoKQogICAgICAgIHsKICAgICAgICAgICAgRmlsZUF0dHJpYnV0ZXMgYXR0ciA9IEZpbGUuR2V0QXR0cmlidXRlcyhsaW5rUGF0aCk7CiAgICAgICAgICAgIGlmIChhdHRyLkhhc0ZsYWcoRmlsZUF0dHJpYnV0ZXMuUmVwYXJzZVBvaW50KSkKICAgICAgICAgICAgICAgIHJldHVybiBHZXRSZXBhcnNlUG9pbnRJbmZvKGxpbmtQYXRoKTsKCiAgICAgICAgICAgIGlmICghYXR0ci5IYXNGbGFnKEZpbGVBdHRyaWJ1dGVzLkRpcmVjdG9yeSkpCiAgICAgICAgICAgICAgICByZXR1cm4gR2V0SGFyZExpbmtJbmZvKGxpbmtQYXRoKTsKCiAgICAgICAgICAgIHJldHVybiBudWxsOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyB2b2lkIERlbGV0ZUxpbmsoc3RyaW5nIGxpbmtQYXRoKQogICAgICAgIHsKICAgICAgICAgICAgYm9vbCBzdWNjZXNzOwogICAgICAgICAgICBGaWxlQXR0cmlidXRlcyBhdHRyID0gRmlsZS5HZXRBdHRyaWJ1dGVzKGxpbmtQYXRoKTsKICAgICAgICAgICAgaWYgKGF0dHIuSGFzRmxhZyhGaWxlQXR0cmlidXRlcy5EaXJlY3RvcnkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzdWNjZXNzID0gUmVtb3ZlRGlyZWN0b3J5KGxpbmtQYXRoKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBlbHNlCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIHN1Y2Nlc3MgPSBEZWxldGVGaWxlKGxpbmtQYXRoKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgaWYgKCFzdWNjZXNzKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiRmFpbGVkIHRvIGRlbGV0ZSBsaW5rIGF0IHswfSIsIGxpbmtQYXRoKSk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgQ3JlYXRlTGluayhzdHJpbmcgbGlua1BhdGgsIFN0cmluZyBsaW5rVGFyZ2V0LCBMaW5rVHlwZSBsaW5rVHlwZSkKICAgICAgICB7CiAgICAgICAgICAgIHN3aXRjaCAobGlua1R5cGUpCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGNhc2UgTGlua1R5cGUuU3ltYm9saWNMaW5rOgogICAgICAgICAgICAgICAgICAgIFVJbnQzMiBsaW5rRmxhZ3M7CiAgICAgICAgICAgICAgICAgICAgRmlsZUF0dHJpYnV0ZXMgYXR0ciA9IEZpbGUuR2V0QXR0cmlidXRlcyhsaW5rVGFyZ2V0KTsKICAgICAgICAgICAgICAgICAgICBpZiAoYXR0ci5IYXNGbGFnKEZpbGVBdHRyaWJ1dGVzLkRpcmVjdG9yeSkpCiAgICAgICAgICAgICAgICAgICAgICAgIGxpbmtGbGFncyA9IFNZTUJPTElDX0xJTktfRkxBR19ESVJFQ1RPUlk7CiAgICAgICAgICAgICAgICAgICAgZWxzZQogICAgICAgICAgICAgICAgICAgICAgICBsaW5rRmxhZ3MgPSBTWU1CT0xJQ19MSU5LX0ZMQUdfRklMRTsKCiAgICAgICAgICAgICAgICAgICAgaWYgKCFDcmVhdGVTeW1ib2xpY0xpbmsobGlua1BhdGgsIGxpbmtUYXJnZXQsIGxpbmtGbGFncykpCiAgICAgICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKFN0cmluZy5Gb3JtYXQoIkNyZWF0ZVN5bWJvbGljTGluayh7MH0sIHsxfSwgezJ9KSBmYWlsZWQiLCBsaW5rUGF0aCwgbGlua1RhcmdldCwgbGlua0ZsYWdzKSk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICBjYXNlIExpbmtUeXBlLkp1bmN0aW9uUG9pbnQ6CiAgICAgICAgICAgICAgICAgICAgQ3JlYXRlSnVuY3Rpb25Qb2ludChsaW5rUGF0aCwgbGlua1RhcmdldCk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICBjYXNlIExpbmtUeXBlLkhhcmRMaW5rOgogICAgICAgICAgICAgICAgICAgIGlmICghQ3JlYXRlSGFyZExpbmsobGlua1BhdGgsIGxpbmtUYXJnZXQsIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiQ3JlYXRlSGFyZExpbmsoezB9LCB7MX0pIGZhaWxlZCIsIGxpbmtQYXRoLCBsaW5rVGFyZ2V0KSk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgIH0KICAgICAgICB9CgogICAgICAgIHByaXZhdGUgc3RhdGljIExpbmtJbmZvIEdldEhhcmRMaW5rSW5mbyhzdHJpbmcgbGlua1BhdGgpCiAgICAgICAgewogICAgICAgICAgICBVSW50MzIgbWF4UGF0aCA9IDI2MDsKICAgICAgICAgICAgTGlzdDxzdHJpbmc+IHJlc3VsdCA9IG5ldyBMaXN0PHN0cmluZz4oKTsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgc2IgPSBuZXcgU3RyaW5nQnVpbGRlcigoaW50KW1heFBhdGgpOwogICAgICAgICAgICBVSW50MzIgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKICAgICAgICAgICAgaWYgKCFHZXRWb2x1bWVQYXRoTmFtZShsaW5rUGF0aCwgc2IsIHJlZiBzdHJpbmdMZW5ndGgpKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oIkdldFZvbHVtZVBhdGhOYW1lKCkgZmFpbGVkIik7CiAgICAgICAgICAgIHN0cmluZyB2b2x1bWUgPSBzYi5Ub1N0cmluZygpOwoKICAgICAgICAgICAgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKICAgICAgICAgICAgSW50UHRyIGZpbmRIYW5kbGUgPSBGaW5kRmlyc3RGaWxlTmFtZVcobGlua1BhdGgsIDAsIHJlZiBzdHJpbmdMZW5ndGgsIHNiKTsKICAgICAgICAgICAgaWYgKGZpbmRIYW5kbGUuVG9JbnQ2NCgpICE9IElOVkFMSURfSEFORExFX1ZBTFVFKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0cnkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBkbwogICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgICAgc3RyaW5nIGhhcmRMaW5rUGF0aCA9IHNiLlRvU3RyaW5nKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIGlmIChoYXJkTGlua1BhdGguU3RhcnRzV2l0aCgiXFwiKSkKICAgICAgICAgICAgICAgICAgICAgICAgICAgIGhhcmRMaW5rUGF0aCA9IGhhcmRMaW5rUGF0aC5TdWJzdHJpbmcoMSwgaGFyZExpbmtQYXRoLkxlbmd0aCAtIDEpOwoKICAgICAgICAgICAgICAgICAgICAgICAgcmVzdWx0LkFkZChQYXRoLkNvbWJpbmUodm9sdW1lLCBoYXJkTGlua1BhdGgpKTsKICAgICAgICAgICAgICAgICAgICAgICAgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKCiAgICAgICAgICAgICAgICAgICAgfSB3aGlsZSAoRmluZE5leHRGaWxlTmFtZVcoZmluZEhhbmRsZSwgcmVmIHN0cmluZ0xlbmd0aCwgc2IpKTsKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBGaW5kQ2xvc2UoZmluZEhhbmRsZSk7CiAgICAgICAgICAgICAgICB9ICAgICAgICAgICAgICAgIAogICAgICAgICAgICB9CgogICAgICAgICAgICBpZiAocmVzdWx0LkNvdW50ID4gMSkKICAgICAgICAgICAgICAgIHJldHVybiBuZXcgTGlua0luZm8KICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBUeXBlID0gTGlua1R5cGUuSGFyZExpbmssCiAgICAgICAgICAgICAgICAgICAgSGFyZFRhcmdldHMgPSByZXN1bHQuVG9BcnJheSgpCiAgICAgICAgICAgICAgICB9OwoKICAgICAgICAgICAgcmV0dXJuIG51bGw7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBMaW5rSW5mbyBHZXRSZXBhcnNlUG9pbnRJbmZvKHN0cmluZyBsaW5rUGF0aCkKICAgICAgICB7CiAgICAgICAgICAgIFNhZmVGaWxlSGFuZGxlIGZpbGVIYW5kbGUgPSBDcmVhdGVGaWxlKAogICAgICAgICAgICAgICAgbGlua1BhdGgsCiAgICAgICAgICAgICAgICBGaWxlQWNjZXNzLlJlYWQsCiAgICAgICAgICAgICAgICBGaWxlU2hhcmUuTm9uZSwKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgRmlsZU1vZGUuT3BlbiwKICAgICAgICAgICAgICAgIEZJTEVfRkxBR19PUEVOX1JFUEFSU0VfUE9JTlQgfCBGSUxFX0ZMQUdfQkFDS1VQX1NFTUFOVElDUywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKTsKCiAgICAgICAgICAgIGlmIChmaWxlSGFuZGxlLklzSW52YWxpZCkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKFN0cmluZy5Gb3JtYXQoIkNyZWF0ZUZpbGUoezB9KSBmYWlsZWQiLCBsaW5rUGF0aCkpOyAgICAgICAgICAgIAoKICAgICAgICAgICAgUkVQQVJTRV9EQVRBX0JVRkZFUiBidWZmZXIgPSBuZXcgUkVQQVJTRV9EQVRBX0JVRkZFUigpOwogICAgICAgICAgICBVSW50MzIgYnl0ZXNSZXR1cm5lZDsKICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGlmICghRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUsCiAgICAgICAgICAgICAgICAgICAgRlNDVExfR0VUX1JFUEFSU0VfUE9JTlQsCiAgICAgICAgICAgICAgICAgICAgSW50UHRyLlplcm8sCiAgICAgICAgICAgICAgICAgICAgMCwKICAgICAgICAgICAgICAgICAgICBvdXQgYnVmZmVyLAogICAgICAgICAgICAgICAgICAgIE1BWElNVU1fUkVQQVJTRV9EQVRBX0JVRkZFUl9TSVpFLAogICAgICAgICAgICAgICAgICAgIG91dCBieXRlc1JldHVybmVkLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJEZXZpY2VJb0NvbnRyb2woKSBmYWlsZWQgZm9yIGZpbGUgYXQgezB9IiwgbGlua1BhdGgpKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUuRGlzcG9zZSgpOwogICAgICAgICAgICB9CgogICAgICAgICAgICBib29sIGlzUmVsYXRpdmUgPSBmYWxzZTsKICAgICAgICAgICAgaW50IHBhdGhPZmZzZXQgPSAwOwogICAgICAgICAgICBMaW5rVHlwZSBsaW5rVHlwZTsKICAgICAgICAgICAgaWYgKGJ1ZmZlci5SZXBhcnNlVGFnID09IElPX1JFUEFSU0VfVEFHX1NZTUxJTkspCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFVJbnQzMiBidWZmZXJGbGFncyA9IENvbnZlcnQuVG9VSW50MzIoYnVmZmVyLlBhdGhCdWZmZXJbMF0pICsgQ29udmVydC5Ub1VJbnQzMihidWZmZXIuUGF0aEJ1ZmZlclsxXSk7CiAgICAgICAgICAgICAgICBpZiAoYnVmZmVyRmxhZ3MgPT0gU1lNTElOS19GTEFHX1JFTEFUSVZFKQogICAgICAgICAgICAgICAgICAgIGlzUmVsYXRpdmUgPSB0cnVlOwogICAgICAgICAgICAgICAgcGF0aE9mZnNldCA9IDI7CiAgICAgICAgICAgICAgICBsaW5rVHlwZSA9IExpbmtUeXBlLlN5bWJvbGljTGluazsKICAgICAgICAgICAgfQogICAgICAgICAgICBlbHNlIGlmIChidWZmZXIuUmVwYXJzZVRhZyA9PSBJT19SRVBBUlNFX1RBR19NT1VOVF9QT0lOVCkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgbGlua1R5cGUgPSBMaW5rVHlwZS5KdW5jdGlvblBvaW50OwogICAgICAgICAgICB9CiAgICAgICAgICAgIGVsc2UKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc3RyaW5nIGVycm9yTWVzc2FnZSA9IFN0cmluZy5Gb3JtYXQoIkludmFsaWQgUmVwYXJzZSBUYWc6IHswfSIsIGJ1ZmZlci5SZXBhcnNlVGFnLlRvU3RyaW5nKCkpOwogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEV4Y2VwdGlvbihlcnJvck1lc3NhZ2UpOwogICAgICAgICAgICB9CgogICAgICAgICAgICBzdHJpbmcgcHJpbnROYW1lID0gbmV3IHN0cmluZyhidWZmZXIuUGF0aEJ1ZmZlciwgKGludCkoYnVmZmVyLlByaW50TmFtZU9mZnNldCAvIFNJWkVfT0ZfV0NIQVIpICsgcGF0aE9mZnNldCwgKGludCkoYnVmZmVyLlByaW50TmFtZUxlbmd0aCAvIFNJWkVfT0ZfV0NIQVIpKTsKICAgICAgICAgICAgc3RyaW5nIHN1YnN0aXR1dGVOYW1lID0gbmV3IHN0cmluZyhidWZmZXIuUGF0aEJ1ZmZlciwgKGludCkoYnVmZmVyLlN1YnN0aXR1dGVOYW1lT2Zmc2V0IC8gU0laRV9PRl9XQ0hBUikgKyBwYXRoT2Zmc2V0LCAoaW50KShidWZmZXIuU3Vic3RpdHV0ZU5hbWVMZW5ndGggLyBTSVpFX09GX1dDSEFSKSk7CgogICAgICAgICAgICAvLyBUT0RPOiBzaG91bGQgd2UgY2hlY2sgZm9yIFw/XFVOQ1xzZXJ2ZXIgZm9yIGNvbnZlcnQgaXQgdG8gdGhlIE5UIHN0eWxlIFxcc2VydmVyIHBhdGgKICAgICAgICAgICAgLy8gUmVtb3ZlIHRoZSBsZWFkaW5nIFdpbmRvd3Mgb2JqZWN0IGRpcmVjdG9yeSBcP1wgZnJvbSB0aGUgcGF0aCBpZiBwcmVzZW50CiAgICAgICAgICAgIHN0cmluZyB0YXJnZXRQYXRoID0gc3Vic3RpdHV0ZU5hbWU7CiAgICAgICAgICAgIGlmICh0YXJnZXRQYXRoLlN0YXJ0c1dpdGgoIlxcPz9cXCIpKQogICAgICAgICAgICAgICAgdGFyZ2V0UGF0aCA9IHRhcmdldFBhdGguU3Vic3RyaW5nKDQsIHRhcmdldFBhdGguTGVuZ3RoIC0gNCk7CgogICAgICAgICAgICBzdHJpbmcgYWJzb2x1dGVQYXRoID0gdGFyZ2V0UGF0aDsKICAgICAgICAgICAgaWYgKGlzUmVsYXRpdmUpCiAgICAgICAgICAgICAgICBhYnNvbHV0ZVBhdGggPSBQYXRoLkdldEZ1bGxQYXRoKFBhdGguQ29tYmluZShuZXcgRmlsZUluZm8obGlua1BhdGgpLkRpcmVjdG9yeS5GdWxsTmFtZSwgdGFyZ2V0UGF0aCkpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBMaW5rSW5mbwogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBUeXBlID0gbGlua1R5cGUsCiAgICAgICAgICAgICAgICBQcmludE5hbWUgPSBwcmludE5hbWUsCiAgICAgICAgICAgICAgICBTdWJzdGl0dXRlTmFtZSA9IHN1YnN0aXR1dGVOYW1lLAogICAgICAgICAgICAgICAgQWJzb2x1dGVQYXRoID0gYWJzb2x1dGVQYXRoLAogICAgICAgICAgICAgICAgVGFyZ2V0UGF0aCA9IHRhcmdldFBhdGgKICAgICAgICAgICAgfTsKICAgICAgICB9CgogICAgICAgIHByaXZhdGUgc3RhdGljIHZvaWQgQ3JlYXRlSnVuY3Rpb25Qb2ludChzdHJpbmcgbGlua1BhdGgsIHN0cmluZyBsaW5rVGFyZ2V0KQogICAgICAgIHsKICAgICAgICAgICAgLy8gV2UgbmVlZCB0byBjcmVhdGUgdGhlIGxpbmsgYXMgYSBkaXIgYmVmb3JlaGFuZAogICAgICAgICAgICBEaXJlY3RvcnkuQ3JlYXRlRGlyZWN0b3J5KGxpbmtQYXRoKTsKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgZmlsZUhhbmRsZSA9IENyZWF0ZUZpbGUoCiAgICAgICAgICAgICAgICBsaW5rUGF0aCwKICAgICAgICAgICAgICAgIEZpbGVBY2Nlc3MuV3JpdGUsCiAgICAgICAgICAgICAgICBGaWxlU2hhcmUuUmVhZCB8IEZpbGVTaGFyZS5Xcml0ZSB8IEZpbGVTaGFyZS5Ob25lLAogICAgICAgICAgICAgICAgSW50UHRyLlplcm8sCiAgICAgICAgICAgICAgICBGaWxlTW9kZS5PcGVuLAogICAgICAgICAgICAgICAgRklMRV9GTEFHX0JBQ0tVUF9TRU1BTlRJQ1MgfCBGSUxFX0ZMQUdfT1BFTl9SRVBBUlNFX1BPSU5ULAogICAgICAgICAgICAgICAgSW50UHRyLlplcm8pOwoKICAgICAgICAgICAgaWYgKGZpbGVIYW5kbGUuSXNJbnZhbGlkKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiQ3JlYXRlRmlsZSh7MH0pIGZhaWxlZCIsIGxpbmtQYXRoKSk7CgogICAgICAgICAgICB0cnkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc3RyaW5nIHN1YnN0aXR1dGVOYW1lID0gIlxcPz9cXCIgKyBQYXRoLkdldEZ1bGxQYXRoKGxpbmtUYXJnZXQpOwogICAgICAgICAgICAgICAgc3RyaW5nIHByaW50TmFtZSA9IGxpbmtUYXJnZXQ7CgogICAgICAgICAgICAgICAgUkVQQVJTRV9EQVRBX0JVR ScriptBlock ID: 75b7cda9-a4a6-41b8-a983-94b59be8ddd0 Path:	4104	1		3	2	15	0	382	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2960	664	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:59 PM	ca610e00-1c3c-0001-f910-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 6): GVyZSBhcmUKICAgICAgICAgICAgICAgIC8vIG5vcmUgdGhhbiAxIExVSURfQU5EX0FUVFJJQlVURVMgZW50cnkKICAgICAgICAgICAgICAgIGludCB0b2tlblByaXZpbGVnZXNTaXplID0gTWFyc2hhbC5TaXplT2YodHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgaW50IGx1aWRBdHRyU2l6ZSA9IDA7CiAgICAgICAgICAgICAgICBpZiAobmV3U3RhdGUuTGVuZ3RoID4gMSkKICAgICAgICAgICAgICAgICAgICBsdWlkQXR0clNpemUgPSBNYXJzaGFsLlNpemVPZih0eXBlb2YoTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTKSkgKiAobmV3U3RhdGUuTGVuZ3RoIC0gMSk7CiAgICAgICAgICAgICAgICBpbnQgdG90YWxTaXplID0gdG9rZW5Qcml2aWxlZ2VzU2l6ZSArIGx1aWRBdHRyU2l6ZTsKICAgICAgICAgICAgICAgIGJ5dGVbXSBuZXdTdGF0ZUJ5dGVzID0gbmV3IGJ5dGVbdG90YWxTaXplXTsKCiAgICAgICAgICAgICAgICAvLyBnZXQgdGhlIGZpcnN0IGVudHJ5IHRoYXQgaW5jbHVkZXMgdGhlIHN0cnVjdCBkZXRhaWxzCiAgICAgICAgICAgICAgICBOYXRpdmVIZWxwZXJzLlRPS0VOX1BSSVZJTEVHRVMgdG9rZW5Qcml2aWxlZ2VzID0gbmV3IE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUygpCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgUHJpdmlsZWdlQ291bnQgPSAoVUludDMyKW5ld1N0YXRlLkxlbmd0aCwKICAgICAgICAgICAgICAgICAgICBQcml2aWxlZ2VzID0gbmV3IE5hdGl2ZUhlbHBlcnMuTFVJRF9BTkRfQVRUUklCVVRFU1sxXSwKICAgICAgICAgICAgICAgIH07CiAgICAgICAgICAgICAgICBpZiAobmV3U3RhdGUuTGVuZ3RoID4gMCkKICAgICAgICAgICAgICAgICAgICB0b2tlblByaXZpbGVnZXMuUHJpdmlsZWdlc1swXSA9IG5ld1N0YXRlWzBdOwogICAgICAgICAgICAgICAgaW50IG9mZnNldCA9IFN0cnVjdHVyZVRvQnl0ZXModG9rZW5Qcml2aWxlZ2VzLCBuZXdTdGF0ZUJ5dGVzLCAwKTsKCiAgICAgICAgICAgICAgICAvLyBjb3B5IHRoZSByZW1haW5pbmcgTFVJRF9BTkRfQVRUUklCVVRFUyAoaWYgYW55KQogICAgICAgICAgICAgICAgZm9yIChpbnQgaSA9IDE7IGkgPCBuZXdTdGF0ZS5MZW5ndGg7IGkrKykKICAgICAgICAgICAgICAgICAgICBvZmZzZXQgKz0gU3RydWN0dXJlVG9CeXRlcyhuZXdTdGF0ZVtpXSwgbmV3U3RhdGVCeXRlcywgb2Zmc2V0KTsKCiAgICAgICAgICAgICAgICAvLyBmaW5hbGx5IGNyZWF0ZSB0aGUgcG9pbnRlciB0byB0aGUgYnl0ZSBhcnJheSB3ZSBqdXN0IGNyZWF0ZWQKICAgICAgICAgICAgICAgIG5ld1N0YXRlUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwobmV3U3RhdGVCeXRlcy5MZW5ndGgpOwogICAgICAgICAgICAgICAgTWFyc2hhbC5Db3B5KG5ld1N0YXRlQnl0ZXMsIDAsIG5ld1N0YXRlUHRyLCBuZXdTdGF0ZUJ5dGVzLkxlbmd0aCk7CiAgICAgICAgICAgIH0KCiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBJbnRQdHIgaFRva2VuID0gSW50UHRyLlplcm87CiAgICAgICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuT3BlblByb2Nlc3NUb2tlbih0b2tlbiwgVG9rZW5BY2Nlc3NMZXZlbHMuUXVlcnkgfCBUb2tlbkFjY2Vzc0xldmVscy5BZGp1c3RQcml2aWxlZ2VzLCBvdXQgaFRva2VuKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIk9wZW5Qcm9jZXNzVG9rZW4oKSBmYWlsZWQgd2l0aCBRdWVyeSBhbmQgQWRqdXN0UHJpdmlsZWdlcyIpOwogICAgICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgSW50UHRyIG9sZFN0YXRlUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoMCk7CiAgICAgICAgICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkFkanVzdFRva2VuUHJpdmlsZWdlcyhoVG9rZW4sIGRpc2FibGVBbGxQcml2aWxlZ2VzLCBuZXdTdGF0ZVB0ciwgMCwgb2xkU3RhdGVQdHIsIG91dCByZXR1cm5MZW5ndGgpKQogICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIGlmIChlcnJDb2RlICE9IDEyMikgLy8gRVJST1JfSU5TVUZGSUNJRU5UX0JVRkZFUgogICAgICAgICAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKGVyckNvZGUsICJBZGp1c3RUb2tlblByaXZpbGVnZXMoKSBmYWlsZWQgdG8gZ2V0IG9sZCBzdGF0ZSBzaXplIik7CiAgICAgICAgICAgICAgICAgICAgfQoKICAgICAgICAgICAgICAgICAgICAvLyByZXNpemUgdGhlIG9sZFN0YXRlUHRyIGJhc2VkIG9uIHRoZSBsZW5ndGggcmV0dXJuZWQgZnJvbSBXaW5kb3dzCiAgICAgICAgICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChvbGRTdGF0ZVB0cik7CiAgICAgICAgICAgICAgICAgICAgb2xkU3RhdGVQdHIgPSBNYXJzaGFsLkFsbG9jSEdsb2JhbCgoaW50KXJldHVybkxlbmd0aCk7CiAgICAgICAgICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICBib29sIHJlcyA9IE5hdGl2ZU1ldGhvZHMuQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKGhUb2tlbiwgZGlzYWJsZUFsbFByaXZpbGVnZXMsIG5ld1N0YXRlUHRyLCByZXR1cm5MZW5ndGgsIG9sZFN0YXRlUHRyLCBvdXQgcmV0dXJuTGVuZ3RoKTsKICAgICAgICAgICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CgogICAgICAgICAgICAgICAgICAgICAgICAvLyBldmVuIHdoZW4gcmVzID09IHRydWUsIEVSUk9SX05PVF9BTExfQVNTSUdORUQgbWF5IGJlIHNldCBhcyB0aGUgbGFzdCBlcnJvciBjb2RlCiAgICAgICAgICAgICAgICAgICAgICAgIGlmICghcmVzIHx8IGVyckNvZGUgIT0gMCkKICAgICAgICAgICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbihlcnJDb2RlLCAiQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKCkgZmFpbGVkIik7CgogICAgICAgICAgICAgICAgICAgICAgICAvLyBNYXJzaGFsIHRoZSBvbGRTdGF0ZVB0ciB0byB0aGUgc3RydWN0CiAgICAgICAgICAgICAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUyBvbGRTdGF0ZSA9IChOYXRpdmVIZWxwZXJzLlRPS0VOX1BSSVZJTEVHRVMpTWFyc2hhbC5QdHJUb1N0cnVjdHVyZShvbGRTdGF0ZVB0ciwgdHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgICAgICAgICBvbGRTdGF0ZVByaXZpbGVnZXMgPSBuZXcgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW29sZFN0YXRlLlByaXZpbGVnZUNvdW50XTsKICAgICAgICAgICAgICAgICAgICAgICAgUHRyVG9TdHJ1Y3R1cmVBcnJheShvbGRTdGF0ZVByaXZpbGVnZXMsIEludFB0ci5BZGQob2xkU3RhdGVQdHIsIE1hcnNoYWwuU2l6ZU9mKG9sZFN0YXRlLlByaXZpbGVnZUNvdW50KSkpOwogICAgICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICBNYXJzaGFsLkZyZWVIR2xvYmFsKG9sZFN0YXRlUHRyKTsKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5DbG9zZUhhbmRsZShoVG9rZW4pOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgaWYgKG5ld1N0YXRlUHRyICE9IEludFB0ci5aZXJvKQogICAgICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwobmV3U3RhdGVQdHIpOwogICAgICAgICAgICB9CgogICAgICAgICAgICByZXR1cm4gb2xkU3RhdGVQcml2aWxlZ2VzLlRvRGljdGlvbmFyeShwID0+IEdldFByaXZpbGVnZU5hbWUocC5MdWlkKSwgcCA9PiAoYm9vbD8pcC5BdHRyaWJ1dGVzLkhhc0ZsYWcoUHJpdmlsZWdlQXR0cmlidXRlcy5FbmFibGVkKSk7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBzdHJpbmcgR2V0UHJpdmlsZWdlTmFtZShOYXRpdmVIZWxwZXJzLkxVSUQgbHVpZCkKICAgICAgICB7CiAgICAgICAgICAgIFVJbnQzMiBuYW1lTGVuID0gMDsKICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5Mb29rdXBQcml2aWxlZ2VOYW1lKG51bGwsIHJlZiBsdWlkLCBudWxsLCByZWYgbmFtZUxlbik7CgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIG5hbWUgPSBuZXcgU3RyaW5nQnVpbGRlcigoaW50KShuYW1lTGVuICsgMSkpOwogICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuTG9va3VwUHJpdmlsZWdlTmFtZShudWxsLCByZWYgbHVpZCwgbmFtZSwgcmVmIG5hbWVMZW4pKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJMb29rdXBQcml2aWxlZ2VOYW1lKCkgZmFpbGVkIik7CgogICAgICAgICAgICByZXR1cm4gbmFtZS5Ub1N0cmluZygpOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBQdHJUb1N0cnVjdHVyZUFycmF5PFQ+KFRbXSBhcnJheSwgSW50UHRyIHB0cikKICAgICAgICB7CiAgICAgICAgICAgIEludFB0ciBwdHJPZmZzZXQgPSBwdHI7CiAgICAgICAgICAgIGZvciAoaW50IGkgPSAwOyBpIDwgYXJyYXkuTGVuZ3RoOyBpKyssIHB0ck9mZnNldCA9IEludFB0ci5BZGQocHRyT2Zmc2V0LCBNYXJzaGFsLlNpemVPZih0eXBlb2YoVCkpKSkKICAgICAgICAgICAgICAgIGFycmF5W2ldID0gKFQpTWFyc2hhbC5QdHJUb1N0cnVjdHVyZShwdHJPZmZzZXQsIHR5cGVvZihUKSk7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBpbnQgU3RydWN0dXJlVG9CeXRlczxUPihUIHN0cnVjdHVyZSwgYnl0ZVtdIGFycmF5LCBpbnQgb2Zmc2V0KQogICAgICAgIHsKICAgICAgICAgICAgaW50IHNpemUgPSBNYXJzaGFsLlNpemVPZihzdHJ1Y3R1cmUpOwogICAgICAgICAgICBJbnRQdHIgc3RydWN0UHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoc2l6ZSk7CiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBNYXJzaGFsLlN0cnVjdHVyZVRvUHRyKHN0cnVjdHVyZSwgc3RydWN0UHRyLCBmYWxzZSk7CiAgICAgICAgICAgICAgICBNYXJzaGFsLkNvcHkoc3RydWN0UHRyLCBhcnJheSwgb2Zmc2V0LCBzaXplKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwoc3RydWN0UHRyKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgcmV0dXJuIHNpemU7CiAgICAgICAgfQogICAgfQp9CidACgpGdW5jdGlvbiBJbXBvcnQtUHJpdmlsZWdlVXRpbCB7CiAgICA8IwogICAgLlNZTk9QU0lTCiAgICBDb21waWxlcyB0aGUgQyMgY29kZSB0aGF0IGNhbiBiZSB1c2VkIHRvIG1hbmFnZSBXaW5kb3dzIHByaXZpbGVnZXMgZnJvbSBhbgogICAgQW5zaWJsZSBtb2R1bGUuIE9uY2UgdGhpcyBmdW5jdGlvbiBpcyBjYWxsZWQsIHRoZSBmb2xsb3dpbmcgUG93ZXJTaGVsbAogICAgY21kbGV0cyBjYW4gYmUgdXNlZDsKCiAgICAgICAgR2V0LUFuc2libGVQcml2aWxlZ2UKICAgICAgICBTZXQtQW5zaWJsZVByaXZpbGVnZQoKICAgIFRoZSBhYm92ZSBjbWRsZXRzIGdpdmUgdGhlIGFiaWxpdHkgdG8gbWFuYWdlIHBlcm1pc3Npb25zIG9uIHRoZSBjdXJyZW50CiAgICBwcm9jZXNzIHRva2VuIGJ1dCB0aGUgdW5kZXJseWluZyAuTkVUIGNsYXNzZXMgYXJlIGFsc28gZXhwb3NlZCBmb3IgZ3JlYXRlcgogICAgY29udHJvbC4gVGhlIGZvbGxvd2luZyBmdW5jdGlvbnMgY2FuIGJlIHVzZWQgYnkgY2FsbGluZyB0aGUgLk5FVCBjbGFzcwoKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkNoZWNrUHJpdmlsZWdlTmFtZSgkbmFtZSkKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkRpc2FibGVQcml2aWxlZ2UoJHByb2Nlc3MsICRuYW1lKQogICAgW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6RGlzYWJsZUFsbFByaXZpbGVnZXMoJHByb2Nlc3MpCiAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpFbmFibGVQcml2aWxlZ2UoJHByb2Nlc3MsICRuYW1lKQogICAgW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0QWxsUHJpdmlsZWdlSW5mbygkcHJvY2VzcykKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OlJlbW92ZVByaXZpbGVnZSgkcHJvY2VzcywgJG5hbWUpCiAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpTZXRUb2tlblByaXZpbGVnZXMoJHByb2Nlc3MsICRuZXdfc3RhdGUpCgogICAgSGVyZSBpcyBhIGJyaWVmIGV4cGxhbmF0aW9uIG9mIGVhY2ggdHlwZSBvZiBhcmcKICAgICRwcm9jZXNzID0gVGhlIHByb2Nlc3MgaGFuZGxlIHRvIG1hbmlwdWxhdGUsIHVzZSAnW0Fuc2libGUuUHJpdmlsZWdlVXRpbHMuUHJpdmlsZWdlc106OkdldEN1cnJlbnRQcm9jZXNzKCknIHRvIGdldCB0aGUgY3VycmVudCBwcm9jZXNzIGhhbmRsZQogICAgJG5hbWUgPSBUaGUgbmFtZSBvZiB0aGUgcHJpdmlsZWdlLCB0aGlzIGlzIHRoZSBjb25zdGFudCB2YWx1ZSBmcm9tIGh0dHBzOi8vZG9jcy5taWNyb3NvZnQuY29tL2VuLXVzL3dpbmRvd3MvZGVza3RvcC9TZWNBdXRoWi9wcml2aWxlZ2UtY29uc3RhbnRzLCBlLmcuIFNlQXVkaXRQcml2aWxlZ2UKICAgICRuZXdfc3RhdGUgPSAnU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuRGljdGlvbmFyeWAyW1tTeXN0ZW0uU3RyaW5nXSwgW1N5c3RlbS5OdWxsYWJsZWAxW1N5c3RlbS5Cb29sZWFuXV1dJwogICAgICAgIFRoZSBrZXkgaXMgdGhlIGNvbnN0YW50IG5hbWUgYXMgYSBzdHJpbmcsIHRoZSB2YWx1ZSBpcyBhIHRlcm5hcnkgYm9vbGVhbiB3aGVyZQogICAgICAgICAgICB0cnVlIC0gd2lsbCBlbmFibGUgdGhlIHByaXZpbGVnZQogICAgICAgICAgICBmYWxzZSAtIHdpbGwgZGlzYWJsZSB0aGUgcHJpdmlsZWdlCiAgICAgICAgICAgIG51bGwgLSB3aWxsIHJlbW92ZSB0aGUgcHJpdmlsZWdlCgogICAgRWFjaCBtZXRob2QgdGhhdCBjaGFuZ2VzIHRoZSBwcml2aWxlZ2Ugc3RhdGUgd2lsbCByZXR1cm4gYSBkaWN0aW9uYXJ5IHRoYXQKICAgIGNhbiBiZSB1c2VkIGFzIHRoZSAkbmV3X3N0YXRlIGFyZyBvZiBTZXRUb2tlblByaXZpbGVnZXMgdG8gdW5kbyBhbmQgcmV2ZXJ0CiAgICBiYWNrIHRvIHRoZSBvcmlnaW5hbCBzdGF0ZS4gSWYgeW91IHJlbW92ZSBhIHByaXZpbGVnZSB0aGVuIHRoaXMgaXMKICAgIGlycmV2ZXJzaWJsZSBhbmQgd29uJ3QgYmUgcGFydCBvZiB0aGUgcmV0dXJuZWQgZGljdAogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKCldCiAgICAjIGJ1aWxkIHRoZSBDIyBjb2RlIHRvIGNvbXBpbGUKICAgICRuYW1lc3BhY2VfaW1wb3J0ID0gKCRhbnNpYmxlX3ByaXZpbGVnZV91dGlsX25hbWVzcGFjZXMgfCBGb3JFYWNoLU9iamVjdCB7ICJ1c2luZyAkXzsiIH0pIC1qb2luICJgcmBuIgogICAgJHBsYXRmb3JtX3V0aWwgPSAiJG5hbWVzcGFjZV9pbXBvcnRgcmBuYHJgbiRhbnNpYmxlX3ByaXZpbGVnZV91dGlsX2NvZGUiCgogICAgIyBGVVRVUkU6IGZpbmQgYSBiZXR0ZXIgd2F5IHRvIGdldCB0aGUgX2Fuc2libGVfcmVtb3RlX3RtcCB2YXJpYWJsZQogICAgIyB0aGlzIGlzIHVzZWQgdG8gZm9yY2UgY3NjIHRvIGNvbXBpbGUgdGhlIEMjIGNvZGUgaW4gdGhlIHJlbW90ZSB0bXAKICAgICMgc3BlY2lmaWVkCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwbGF0Zm9ybV91dGlsCiAgICAkZW52OlRNUCA9ICRvcmlnaW5hbF90bXAKfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQcml2aWxlZ2UgewogICAgPCMKICAgIC5TWU5PUFNJUwogICAgR2V0IHRoZSBzdGF0dXMgb2YgYSBwcml2aWxlZ2UgZm9yIHRoZSBjdXJyZW50IHByb2Nlc3MuIFRoaXMgcmV0dXJucwogICAgICAgICR0cnVlIC0gdGhlIHByaXZpbGVnZSBpcyBlbmFibGVkCiAgICAgICAgJGZhbHNlIC0gdGhlIHByaXZpbGVnZSBpcyBkaXNhYmxlZAogICAgICAgICRudWxsIC0gdGhlIHByaXZpbGVnZSBpcyByZW1vdmVkIGZyb20gdGhlIHRva2VuCgogICAgSWYgTmFtZSBpcyBub3QgYSB2YWxpZCBwcml2aWxlZ2UgbmFtZSwgdGhpcyB3aWxsIHRocm93IGFuCiAgICBBcmd1bWVudEV4Y2VwdGlvbi4KCiAgICAuRVhBTVBMRQogICAgR2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgU2VEZWJ1Z1ByaXZpbGVnZQogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKCldCiAgICBwYXJhbSgKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW1N0cmluZ10kTmFtZQogICAgKQoKICAgIGlmICgtbm90IFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkNoZWNrUHJpdmlsZWdlTmFtZSgkTmFtZSkpIHsKICAgICAgICB0aHJvdyBbU3lzdGVtLkFyZ3VtZW50RXhjZXB0aW9uXSAiSW52YWxpZCBwcml2aWxlZ2UgbmFtZSAnJE5hbWUnIgogICAgfQoKICAgICRwcm9jZXNzX3Rva2VuID0gW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0Q3VycmVudFByb2Nlc3MoKQogICAgJHByaXZpbGVnZV9pbmZvID0gW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0QWxsUHJpdmlsZWdlSW5mbygkcHJvY2Vzc190b2tlbikKICAgIGlmICgkcHJpdmlsZWdlX2luZm8uQ29udGFpbnNLZXkoJE5hbWUpKSB7CiAgICAgICAgJHN0YXR1cyA9ICRwcml2aWxlZ2VfaW5mby4kTmFtZQogICAgICAgIHJldHVybiAkc3RhdHVzLkhhc0ZsYWcoW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VBdHRyaWJ1dGVzXTo6RW5hYmxlZCkKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRudWxsCiAgICB9Cn0KCkZ1bmN0aW9uIFNldC1BbnNpYmxlUHJpdmlsZWdlIHsKICAgIDwjCiAgICAuU1lOT1BTSVMKICAgIEVuYWJsZXMvRGlzYWJsZXMgYSBwcml2aWxlZ2Ugb24gdGhlIGN1cnJlbnQgcHJvY2VzcycgdG9rZW4uIElmIGEgcHJpdmlsZWdlCiAgICBoYXMgYmVlbiByZW1vdmVkIGZyb20gdGhlIHByb2Nlc3MgdG9rZW4sIHRoaXMgd2lsbCB0aHJvdyBhbgogICAgSW52YWxpZE9wZXJhdGlvbkV4Y2VwdGlvbi4KCiAgICAuRVhBTVBMRQogICAgIyBlbmFibGUgYSBwcml2aWxlZ2UKICAgIFNldC1BbnNpYmxlUHJpdmlsZWdlIC1OYW1lIFNlQ3JlYXRlU3ltYm9saWNMaW5rUHJpdmlsZWdlIC1WYWx1ZSAkdHJ1ZQoKICAgICMgZGlzYWJsZSBhIHByaXZpbGVnZQogICAgU2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgU2VDcmVhdGVTeW1ib2xpY0xpbmtQcml2aWxlZ2UgLVZhbHVlICRmYWxzZQogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKFN1cHBvcnRzU2hvdWxkUHJvY2VzcyldCiAgICBwYXJhbSgKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW1N0cmluZ10kTmFtZSwKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW2Jvb2xdJFZhbHVlCiAgICApCgogICAgJGFjdGlvbiA9IHN3aXRjaCgkVmFsdWUpIHsKICAgICAgICAkdHJ1ZSB7ICJFbmFibGUiIH0KICAgICAgICAkZmFsc2UgeyAiRGlzYWJsZSIgfQogICAgfQoKICAgICRjdXJyZW50X3N0YXRlID0gR2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgJE5hbWUKICAgIGlmICgkY3VycmVudF9zdGF0ZSAtZXEgJFZhbHVlKSB7CiAgICAgICAgcmV0dXJuICAjIG5vIGNoYW5nZSBuZWVkcyB0byBvY2N1cgogICAgfSBlbHNlaWYgKCRudWxsIC1lcSAkY3VycmVudF9zdGF0ZSkgewogICAgICAgICMgb25jZSBhIHByaXZpbGVnZSBpcyByZW1vdmVkIGZyb20gYSB0b2tlbiB3ZSBjYW5ub3QgZG8gYW55dGhpbmcgd2l0aCBpdAogICAgICAgIHRocm93IFtTeXN0ZW0uSW52YWxpZE9wZXJhdGlvbkV4Y2VwdGlvbl0gIkNhbm5vdCAkKCRhY3Rpb24uVG9Mb3dlcigpKSB0aGUgcHJpdmlsZWdlICckTmFtZScgYXMgaXQgaGFzIGJlZW4gcmVtb3ZlZCBmcm9tIHRoZSB0b2tlbiIKICAgIH0KCiAgICAkcHJvY2Vzc190b2tlbiA9IFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkdldEN1cnJlbnRQcm9jZXNzKCkKICAgIGlmICgkUFNDbWRsZXQuU2hvdWxkUHJvY2VzcygkTmFtZSwgIiRhY3Rpb24gdGhlIHByaXZpbGVnZSAkTmFtZSIpKSB7CiAgICAgICAgJG5ld19zdGF0ZSA9IE5ldy1PYmplY3QgLVR5cGVOYW1lICdTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5EaWN0aW9uYXJ5YDJbW1N5c3RlbS5TdHJpbmddLCBbU3lzdGVtLk51bGxhYmxlYDFbU3lzdGVtLkJvb2xlYW5dXV0nCiAgICAgICAgJG5ld19zdGF0ZS5BZGQoJE5hbWUsICRWYWx1ZSkKICAgICAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpTZXRUb2tlblByaXZpbGVnZXMoJHByb2Nlc3NfdG9rZW4sICRuZXdfc3RhdGUpID4gJG51bGwKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gSW1wb3J0LVByaXZpbGVnZVV0aWwsIEdldC1BbnNpYmxlUHJpdmlsZWdlLCBTZXQtQW5zaWJsZVByaXZpbGVnZSBgCiAgICAtVmFyaWFibGUgYW5zaWJsZV9wcml2aWxlZ2VfdXRpbF9uYW1lc3BhY2VzLCBhbnNpYmxlX3ByaXZpbGVnZV91dGlsX2NvZGU=", "Ansible.ModuleUtils.LinkUtil": "ICMgQ29weXJpZ2h0IChjKSAyMDE3IEFuc2libGUgUHJvamVjdAogIyBTaW1wbGlmaWVkIEJTRCBMaWNlbnNlIChzZWUgbGljZW5zZXMvc2ltcGxpZmllZF9ic2QudHh0IG9yIGh0dHBzOi8vb3BlbnNvdXJjZS5vcmcvbGljZW5zZXMvQlNELTItQ2xhdXNlKQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Qcml2aWxlZ2VVdGlsCgpGdW5jdGlvbiBMb2FkLUxpbmtVdGlscygpIHsKICAgICRsaW5rX3V0aWwgPSBAJwp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWM7CnVzaW5nIFN5c3RlbS5JTzsKdXNpbmcgU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzOwp1c2luZyBTeXN0ZW0uVGV4dDsKCm5hbWVzcGFjZSBBbnNpYmxlCnsKICAgIHB1YmxpYyBlbnVtIExpbmtUeXBlCiAgICB7CiAgICAgICAgU3ltYm9saWNMaW5rLAogICAgICAgIEp1bmN0aW9uUG9pbnQsCiAgICAgICAgSGFyZExpbmsKICAgIH0KCiAgICBwdWJsaWMgY2xhc3MgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbiA6IFN5c3RlbS5Db21wb25lbnRNb2RlbC5XaW4zMkV4Y2VwdGlvbgogICAgewogICAgICAgIHByaXZhdGUgc3RyaW5nIF9tc2c7CgogICAgICAgIHB1YmxpYyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIExpbmtVdGlsV2luMzJFeGNlcHRpb24oaW50IGVycm9yQ29kZSwgc3RyaW5nIG1lc3NhZ2UpIDogYmFzZShlcnJvckNvZGUpCiAgICAgICAgewogICAgICAgICAgICBfbXNnID0gU3RyaW5nLkZvcm1hdCgiezB9ICh7MX0sIFdpbjMyRXJyb3JDb2RlIHsyfSkiLCBtZXNzYWdlLCBiYXNlLk1lc3NhZ2UsIGVycm9yQ29kZSk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgb3ZlcnJpZGUgc3RyaW5nIE1lc3NhZ2UgeyBnZXQgeyByZXR1cm4gX21zZzsgfSB9CiAgICAgICAgcHVibGljIHN0YXRpYyBleHBsaWNpdCBvcGVyYXRvciBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSB7IHJldHVybiBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBMaW5rSW5mbwogICAgewogICAgICAgIHB1YmxpYyBMaW5rVHlwZSBUeXBlIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICBwdWJsaWMgc3RyaW5nIFByaW50TmFtZSB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZyBTdWJzdGl0dXRlTmFtZ ScriptBlock ID: 75b7cda9-a4a6-41b8-a983-94b59be8ddd0 Path:	4104	1		3	2	15	0	381	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2960	664	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:59 PM	ca610e00-1c3c-0001-f910-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 6): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.PrivilegeUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTggQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiMgc3RvcmUgaW4gc2VwYXJhdGUgdmFyaWFibGVzIHRvIG1ha2UgaXQgZWFzaWVyIGZvciBvdGhlciBtb2R1bGVfdXRpbHMgdG8KIyBzaGFyZSB0aGlzIGNvZGUgaW4gdGhlaXIgb3duIGMjIGNvZGUKJGFuc2libGVfcHJpdmlsZWdlX3V0aWxfbmFtZXNwYWNlcyA9IEAoCiAgICAiTWljcm9zb2Z0LldpbjMyLlNhZmVIYW5kbGVzIiwKICAgICJTeXN0ZW0iLAogICAgIlN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljIiwKICAgICJTeXN0ZW0uTGlucSIsCiAgICAiU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzIiwKICAgICJTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsIiwKICAgICJTeXN0ZW0uVGV4dCIKKQoKJGFuc2libGVfcHJpdmlsZWdlX3V0aWxfY29kZSA9IEAnCm5hbWVzcGFjZSBBbnNpYmxlLlByaXZpbGVnZVV0aWwKewogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gUHJpdmlsZWdlQXR0cmlidXRlcyA6IHVpbnQKICAgIHsKICAgICAgICBEaXNhYmxlZCA9IDB4MDAwMDAwMDAsCiAgICAgICAgRW5hYmxlZEJ5RGVmYXVsdCA9IDB4MDAwMDAwMDEsCiAgICAgICAgRW5hYmxlZCA9IDB4MDAwMDAwMDIsCiAgICAgICAgUmVtb3ZlZCA9IDB4MDAwMDAwMDQsCiAgICAgICAgVXNlZEZvckFjY2VzcyA9IDB4ODAwMDAwMDAsCiAgICB9CgogICAgaW50ZXJuYWwgY2xhc3MgTmF0aXZlSGVscGVycwogICAgewogICAgICAgIFtTdHJ1Y3RMYXlvdXQoTGF5b3V0S2luZC5TZXF1ZW50aWFsKV0KICAgICAgICBpbnRlcm5hbCBzdHJ1Y3QgTFVJRAogICAgICAgIHsKICAgICAgICAgICAgcHVibGljIFVJbnQzMiBMb3dQYXJ0OwogICAgICAgICAgICBwdWJsaWMgSW50MzIgSGlnaFBhcnQ7CiAgICAgICAgfQoKICAgICAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCldCiAgICAgICAgaW50ZXJuYWwgc3RydWN0IExVSURfQU5EX0FUVFJJQlVURVMKICAgICAgICB7CiAgICAgICAgICAgIHB1YmxpYyBMVUlEIEx1aWQ7CiAgICAgICAgICAgIHB1YmxpYyBQcml2aWxlZ2VBdHRyaWJ1dGVzIEF0dHJpYnV0ZXM7CiAgICAgICAgfQoKICAgICAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCldCiAgICAgICAgaW50ZXJuYWwgc3RydWN0IFRPS0VOX1BSSVZJTEVHRVMKICAgICAgICB7CiAgICAgICAgICAgIHB1YmxpYyBVSW50MzIgUHJpdmlsZWdlQ291bnQ7CiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5CeVZhbEFycmF5LCBTaXplQ29uc3QgPSAxKV0KICAgICAgICAgICAgcHVibGljIExVSURfQU5EX0FUVFJJQlVURVNbXSBQcml2aWxlZ2VzOwogICAgICAgIH0KICAgIH0KCiAgICBpbnRlcm5hbCBjbGFzcyBOYXRpdmVNZXRob2RzCiAgICB7CiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIEFkanVzdFRva2VuUHJpdmlsZWdlcygKICAgICAgICAgICAgSW50UHRyIFRva2VuSGFuZGxlLAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuQm9vbCldIGJvb2wgRGlzYWJsZUFsbFByaXZpbGVnZXMsCiAgICAgICAgICAgIEludFB0ciBOZXdTdGF0ZSwKICAgICAgICAgICAgVUludDMyIEJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgSW50UHRyIFByZXZpb3VzU3RhdGUsCiAgICAgICAgICAgIG91dCBVSW50MzIgUmV0dXJuTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIENsb3NlSGFuZGxlKAogICAgICAgICAgICBJbnRQdHIgaE9iamVjdCk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyIildCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBTYWZlV2FpdEhhbmRsZSBHZXRDdXJyZW50UHJvY2VzcygpOwoKICAgICAgICBbRGxsSW1wb3J0KCJhZHZhcGkzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBpbnRlcm5hbCBzdGF0aWMgZXh0ZXJuIGJvb2wgR2V0VG9rZW5JbmZvcm1hdGlvbigKICAgICAgICAgICAgSW50UHRyIFRva2VuSGFuZGxlLAogICAgICAgICAgICBVSW50MzIgVG9rZW5JbmZvcm1hdGlvbkNsYXNzLAogICAgICAgICAgICBJbnRQdHIgVG9rZW5JbmZvcm1hdGlvbiwKICAgICAgICAgICAgVUludDMyIFRva2VuSW5mb3JtYXRpb25MZW5ndGgsCiAgICAgICAgICAgIG91dCBVSW50MzIgUmV0dXJuTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZU5hbWUoCiAgICAgICAgICAgIHN0cmluZyBscFN5c3RlbU5hbWUsCiAgICAgICAgICAgIHJlZiBOYXRpdmVIZWxwZXJzLkxVSUQgbHBMdWlkLAogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGxwTmFtZSwKICAgICAgICAgICAgcmVmIFVJbnQzMiBjY2hOYW1lKTsKCiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZVZhbHVlKAogICAgICAgICAgICBzdHJpbmcgbHBTeXN0ZW1OYW1lLAogICAgICAgICAgICBzdHJpbmcgbHBOYW1lLAogICAgICAgICAgICBvdXQgTmF0aXZlSGVscGVycy5MVUlEIGxwTHVpZCk7CgogICAgICAgIFtEbGxJbXBvcnQoImFkdmFwaTMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIGludGVybmFsIHN0YXRpYyBleHRlcm4gYm9vbCBPcGVuUHJvY2Vzc1Rva2VuKAogICAgICAgICAgICBTYWZlSGFuZGxlIFByb2Nlc3NIYW5kbGUsCiAgICAgICAgICAgIFRva2VuQWNjZXNzTGV2ZWxzIERlc2lyZWRBY2Nlc3MsCiAgICAgICAgICAgIG91dCBJbnRQdHIgVG9rZW5IYW5kbGUpOwogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBXaW4zMkV4Y2VwdGlvbiA6IFN5c3RlbS5Db21wb25lbnRNb2RlbC5XaW4zMkV4Y2VwdGlvbgogICAgewogICAgICAgIHByaXZhdGUgc3RyaW5nIF9tc2c7CiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KICAgICAgICBwdWJsaWMgV2luMzJFeGNlcHRpb24oaW50IGVycm9yQ29kZSwgc3RyaW5nIG1lc3NhZ2UpIDogYmFzZShlcnJvckNvZGUpCiAgICAgICAgewogICAgICAgICAgICBfbXNnID0gU3RyaW5nLkZvcm1hdCgiezB9ICh7MX0sIFdpbjMyRXJyb3JDb2RlIHsyfSkiLCBtZXNzYWdlLCBiYXNlLk1lc3NhZ2UsIGVycm9yQ29kZSk7CiAgICAgICAgfQogICAgICAgIHB1YmxpYyBvdmVycmlkZSBzdHJpbmcgTWVzc2FnZSB7IGdldCB7IHJldHVybiBfbXNnOyB9IH0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4cGxpY2l0IG9wZXJhdG9yIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSB7IHJldHVybiBuZXcgV2luMzJFeGNlcHRpb24obWVzc2FnZSk7IH0KICAgIH0KCiAgICBwdWJsaWMgY2xhc3MgUHJpdmlsZWdlcwogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIHJlYWRvbmx5IFVJbnQzMiBUT0tFTl9QUklWSUxFR0VTID0gMzsKCgogICAgICAgIHB1YmxpYyBzdGF0aWMgYm9vbCBDaGVja1ByaXZpbGVnZU5hbWUoc3RyaW5nIG5hbWUpCiAgICAgICAgewogICAgICAgICAgICBOYXRpdmVIZWxwZXJzLkxVSUQgbHVpZDsKICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkxvb2t1cFByaXZpbGVnZVZhbHVlKG51bGwsIG5hbWUsIG91dCBsdWlkKSkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CiAgICAgICAgICAgICAgICBpZiAoZXJyQ29kZSAhPSAxMzEzKSAgLy8gRVJST1JfTk9fU1VDSF9QUklWSUxFR0UKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oZXJyQ29kZSwgU3RyaW5nLkZvcm1hdCgiTG9va3VwUHJpdmlsZWdlVmFsdWUoezB9KSBmYWlsZWQiLCBuYW1lKSk7CiAgICAgICAgICAgICAgICByZXR1cm4gZmFsc2U7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgZWxzZQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICByZXR1cm4gdHJ1ZTsKICAgICAgICAgICAgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IERpc2FibGVQcml2aWxlZ2UoU2FmZUhhbmRsZSB0b2tlbiwgc3RyaW5nIHByaXZpbGVnZSkKICAgICAgICB7CiAgICAgICAgICAgIHJldHVybiBTZXRUb2tlblByaXZpbGVnZXModG9rZW4sIG5ldyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+KCkgeyB7IHByaXZpbGVnZSwgZmFsc2UgfSB9KTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PiBEaXNhYmxlQWxsUHJpdmlsZWdlcyhTYWZlSGFuZGxlIHRva2VuKQogICAgICAgIHsKICAgICAgICAgICAgcmV0dXJuIEFkanVzdFRva2VuUHJpdmlsZWdlcyh0b2tlbiwgbnVsbCk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIERpY3Rpb25hcnk8c3RyaW5nLCBib29sPz4gRW5hYmxlUHJpdmlsZWdlKFNhZmVIYW5kbGUgdG9rZW4sIHN0cmluZyBwcml2aWxlZ2UpCiAgICAgICAgewogICAgICAgICAgICByZXR1cm4gU2V0VG9rZW5Qcml2aWxlZ2VzKHRva2VuLCBuZXcgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PigpIHsgeyBwcml2aWxlZ2UsIHRydWUgfSB9KTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+IEdldEFsbFByaXZpbGVnZUluZm8oU2FmZUhhbmRsZSB0b2tlbikKICAgICAgICB7CiAgICAgICAgICAgIEludFB0ciBoVG9rZW4gPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLk9wZW5Qcm9jZXNzVG9rZW4odG9rZW4sIFRva2VuQWNjZXNzTGV2ZWxzLlF1ZXJ5LCBvdXQgaFRva2VuKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiT3BlblByb2Nlc3NUb2tlbigpIGZhaWxlZCIpOwoKICAgICAgICAgICAgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+IGluZm8gPSBuZXcgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+KCk7CiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBVSW50MzIgdG9rZW5MZW5ndGggPSAwOwogICAgICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5HZXRUb2tlbkluZm9ybWF0aW9uKGhUb2tlbiwgVE9LRU5fUFJJVklMRUdFUywgSW50UHRyLlplcm8sIDAsIG91dCB0b2tlbkxlbmd0aCk7CgogICAgICAgICAgICAgICAgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gcHJpdmlsZWdlczsKICAgICAgICAgICAgICAgIEludFB0ciBwcml2aWxlZ2VzUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoKGludCl0b2tlbkxlbmd0aCk7CiAgICAgICAgICAgICAgICB0cnkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuR2V0VG9rZW5JbmZvcm1hdGlvbihoVG9rZW4sIFRPS0VOX1BSSVZJTEVHRVMsIHByaXZpbGVnZXNQdHIsIHRva2VuTGVuZ3RoLCBvdXQgdG9rZW5MZW5ndGgpKQogICAgICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkdldFRva2VuSW5mb3JtYXRpb24oKSBmb3IgVE9LRU5fUFJJVklMRUdFUyBmYWlsZWQiKTsKCiAgICAgICAgICAgICAgICAgICAgTmF0aXZlSGVscGVycy5UT0tFTl9QUklWSUxFR0VTIHByaXZpbGVnZUluZm8gPSAoTmF0aXZlSGVscGVycy5UT0tFTl9QUklWSUxFR0VTKU1hcnNoYWwuUHRyVG9TdHJ1Y3R1cmUocHJpdmlsZWdlc1B0ciwgdHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgICAgIHByaXZpbGVnZXMgPSBuZXcgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW3ByaXZpbGVnZUluZm8uUHJpdmlsZWdlQ291bnRdOwogICAgICAgICAgICAgICAgICAgIFB0clRvU3RydWN0dXJlQXJyYXkocHJpdmlsZWdlcywgSW50UHRyLkFkZChwcml2aWxlZ2VzUHRyLCBNYXJzaGFsLlNpemVPZihwcml2aWxlZ2VJbmZvLlByaXZpbGVnZUNvdW50KSkpOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgZmluYWxseQogICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwocHJpdmlsZWdlc1B0cik7CiAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgaW5mbyA9IHByaXZpbGVnZXMuVG9EaWN0aW9uYXJ5KHAgPT4gR2V0UHJpdmlsZWdlTmFtZShwLkx1aWQpLCBwID0+IHAuQXR0cmlidXRlcyk7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgZmluYWxseQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBOYXRpdmVNZXRob2RzLkNsb3NlSGFuZGxlKGhUb2tlbik7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgcmV0dXJuIGluZm87CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIFNhZmVXYWl0SGFuZGxlIEdldEN1cnJlbnRQcm9jZXNzKCkKICAgICAgICB7CiAgICAgICAgICAgIHJldHVybiBOYXRpdmVNZXRob2RzLkdldEN1cnJlbnRQcm9jZXNzKCk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgUmVtb3ZlUHJpdmlsZWdlKFNhZmVIYW5kbGUgdG9rZW4sIHN0cmluZyBwcml2aWxlZ2UpCiAgICAgICAgewogICAgICAgICAgICBTZXRUb2tlblByaXZpbGVnZXModG9rZW4sIG5ldyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+KCkgeyB7IHByaXZpbGVnZSwgbnVsbCB9IH0pOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IFNldFRva2VuUHJpdmlsZWdlcyhTYWZlSGFuZGxlIHRva2VuLCBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IHN0YXRlKQogICAgICAgIHsKICAgICAgICAgICAgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gcHJpdmlsZWdlQXR0ciA9IG5ldyBOYXRpdmVIZWxwZXJzLkxVSURfQU5EX0FUVFJJQlVURVNbc3RhdGUuQ291bnRdOwogICAgICAgICAgICBpbnQgaSA9IDA7CgogICAgICAgICAgICBmb3JlYWNoIChLZXlWYWx1ZVBhaXI8c3RyaW5nLCBib29sPz4gZW50cnkgaW4gc3RhdGUpCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuTFVJRCBsdWlkOwogICAgICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkxvb2t1cFByaXZpbGVnZVZhbHVlKG51bGwsIGVudHJ5LktleSwgb3V0IGx1aWQpKQogICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJMb29rdXBQcml2aWxlZ2VWYWx1ZSh7MH0pIGZhaWxlZCIsIGVudHJ5LktleSkpOwoKICAgICAgICAgICAgICAgIFByaXZpbGVnZUF0dHJpYnV0ZXMgYXR0cmlidXRlczsKICAgICAgICAgICAgICAgIHN3aXRjaCAoZW50cnkuVmFsdWUpCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgY2FzZSB0cnVlOgogICAgICAgICAgICAgICAgICAgICAgICBhdHRyaWJ1dGVzID0gUHJpdmlsZWdlQXR0cmlidXRlcy5FbmFibGVkOwogICAgICAgICAgICAgICAgICAgICAgICBicmVhazsKICAgICAgICAgICAgICAgICAgICBjYXNlIGZhbHNlOgogICAgICAgICAgICAgICAgICAgICAgICBhdHRyaWJ1dGVzID0gUHJpdmlsZWdlQXR0cmlidXRlcy5EaXNhYmxlZDsKICAgICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICAgICAgZGVmYXVsdDoKICAgICAgICAgICAgICAgICAgICAgICAgYXR0cmlidXRlcyA9IFByaXZpbGVnZUF0dHJpYnV0ZXMuUmVtb3ZlZDsKICAgICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgcHJpdmlsZWdlQXR0cltpXS5MdWlkID0gbHVpZDsKICAgICAgICAgICAgICAgIHByaXZpbGVnZUF0dHJbaV0uQXR0cmlidXRlcyA9IGF0dHJpYnV0ZXM7CiAgICAgICAgICAgICAgICBpKys7CiAgICAgICAgICAgIH0KCiAgICAgICAgICAgIHJldHVybiBBZGp1c3RUb2tlblByaXZpbGVnZXModG9rZW4sIHByaXZpbGVnZUF0dHIpOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PiBBZGp1c3RUb2tlblByaXZpbGVnZXMoU2FmZUhhbmRsZSB0b2tlbiwgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gbmV3U3RhdGUpCiAgICAgICAgewogICAgICAgICAgICBib29sIGRpc2FibGVBbGxQcml2aWxlZ2VzOwogICAgICAgICAgICBJbnRQdHIgbmV3U3RhdGVQdHI7CiAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuTFVJRF9BTkRfQVRUUklCVVRFU1tdIG9sZFN0YXRlUHJpdmlsZWdlczsKICAgICAgICAgICAgVUludDMyIHJldHVybkxlbmd0aDsKCiAgICAgICAgICAgIGlmIChuZXdTdGF0ZSA9PSBudWxsKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBkaXNhYmxlQWxsUHJpdmlsZWdlcyA9IHRydWU7CiAgICAgICAgICAgICAgICBuZXdTdGF0ZVB0ciA9IEludFB0ci5aZXJvOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGVsc2UKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgZGlzYWJsZUFsbFByaXZpbGVnZXMgPSBmYWxzZTsKCiAgICAgICAgICAgICAgICAvLyBOZWVkIHRvIG1hbnVhbGx5IG1hcnNoYWwgdGhlIGJ5dGVzIHJlcXVpcmVzIGZvciBuZXdTdGF0ZSBhcyB0aGUgY29uc3RhbnQgc2l6ZQogICAgICAgICAgICAgICAgLy8gb2YgTFVJRF9BTkRfQVRUUklCVVRFUyBpcyBzZXQgdG8gMSBhbmQgY2FuJ3QgYmUgb3ZlcnJpZGRlbiBhdCBydW50aW1lLCBUT0tFTl9QUklWSUxFR0VTCiAgICAgICAgICAgICAgICAvLyBhbHdheXMgY29udGFpbnMgYXQgbGVhc3QgMSBlbnRyeSBzbyB3ZSBuZWVkIHRvIGNhbGN1bGF0ZSB0aGUgZXh0cmEgc2l6ZSBpZiB0a ScriptBlock ID: 75b7cda9-a4a6-41b8-a983-94b59be8ddd0 Path:	4104	1		3	2	15	0	380	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2960	664	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:59 PM	ca610e00-1c3c-0001-f910-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	379	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2960	3132	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:59 PM	ca610e00-1c3c-0001-f710-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2960 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	378	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2960	3884	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:59 PM	ca610e00-1c3c-0001-f710-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	377	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2960	3132	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:59 PM	ca610e00-1c3c-0001-f710-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	376	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1096	3380	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:59 PM	ca610e00-1c3c-0002-0311-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1096 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	375	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1096	1408	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:59 PM	ca610e00-1c3c-0002-0311-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	374	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1096	3380	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:59 PM	ca610e00-1c3c-0002-0311-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	373	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	176	1356	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:58 PM	ca610e00-1c3c-0001-ea10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 176 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	372	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	176	3960	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:58 PM	ca610e00-1c3c-0001-ea10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	371	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	176	1356	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:58 PM	ca610e00-1c3c-0001-ea10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="AssemblyName"; value="System.DirectoryServices.AccountManagement" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 7887e81e-5421-4c70-90c8-cc0a475fca7a Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 9d28f3ee-b25c-450c-ac38-8734924ea9cc Pipeline ID = 5 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 35 User = N-H2-828168-2\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	370	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1488	3984	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:53 PM	ca610e00-1c3c-0005-8010-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $_.$guid_key -eq $adapter.SettingID } ScriptBlock ID: a6879097-211b-4969-8029-3f493d66c3b5 Path:	4104	1		3	2	15	0	369	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1488	3984	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:53 PM	ca610e00-1c3c-0004-6510-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Error Message = The running command stopped because the preference variable "ErrorActionPreference" or common parameter is set to Stop: The term 'facter' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. Fully Qualified Error ID = CommandNotFoundException,Microsoft.PowerShell.Commands.GetCommandCommand Context: Severity = Warning Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 7887e81e-5421-4c70-90c8-cc0a475fca7a Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 9d28f3ee-b25c-450c-ac38-8734924ea9cc Pipeline ID = 5 Command Name = Get-Command Command Type = Cmdlet Script Name = Command Path = Sequence Number = 33 User = N-H2-828168-2\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4100	1		3	106	19	0	368	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1488	3984	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:53 PM	ca610e00-1c3c-0004-5d10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	To be used when an exception is raised	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2018, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy Function Get-CustomFacts { [cmdletBinding()] param ( [Parameter(mandatory=$false)] $factpath = $null ) if (-not (Test-Path -Path $factpath)) { Fail-Json $result "The path $factpath does not exist. Typo?" } $FactsFiles = Get-ChildItem -Path $factpath | Where-Object -FilterScript {($PSItem.PSIsContainer -eq $false) -and ($PSItem.Extension -eq '.ps1')} foreach ($FactsFile in $FactsFiles) { $out = & $($FactsFile.FullName) $result.ansible_facts.Add("ansible_$(($FactsFile.Name).Split('.')[0])", $out) } } Function Get-MachineSid { # The Machine SID is stored in HKLM:\SECURITY\SAM\Domains\Account and is # only accessible by the Local System account. This method get's the local # admin account (ends with -500) and lops it off to get the machine sid. $admins_sid = "S-1-5-32-544" $admin_group = ([Security.Principal.SecurityIdentifier]$admins_sid).Translate([Security.Principal.NTAccount]).Value Add-Type -AssemblyName System.DirectoryServices.AccountManagement $principal_context = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext([System.DirectoryServices.AccountManagement.ContextType]::Machine) $group_principal = New-Object -TypeName System.DirectoryServices.AccountManagement.GroupPrincipal($principal_context, $admin_group) $searcher = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalSearcher($group_principal) $groups = $searcher.FindOne() $machine_sid = $null foreach ($user in $groups.Members) { $user_sid = $user.Sid if ($user_sid.Value.EndsWith("-500")) { $machine_sid = $user_sid.AccountDomainSid.Value break } } return $machine_sid } $cim_instances = @{} Function Get-LazyCimInstance([string]$instance_name, [string]$namespace="Root\CIMV2") { if(-not $cim_instances.ContainsKey($instance_name)) { $cim_instances[$instance_name] = $(Get-CimInstance -Namespace $namespace -ClassName $instance_name) } return $cim_instances[$instance_name] } $result = @{ ansible_facts = @{ } changed = $false } $grouped_subsets = @{ min=[System.Collections.Generic.List[string]]@('date_time','distribution','dns','env','local','platform','powershell_version','user') network=[System.Collections.Generic.List[string]]@('all_ipv4_addresses','all_ipv6_addresses','interfaces','windows_domain', 'winrm') hardware=[System.Collections.Generic.List[string]]@('bios','memory','processor','uptime') external=[System.Collections.Generic.List[string]]@('facter') } # build "all" set from everything mentioned in the group- this means every value must be in at least one subset to be considered legal $all_set = [System.Collections.Generic.HashSet[string]]@() foreach($kv in $grouped_subsets.GetEnumerator()) { [void] $all_set.UnionWith($kv.Value) } # dynamically create an "all" subset now that we know what should be in it $grouped_subsets['all'] = [System.Collections.Generic.List[string]]$all_set # start with all, build up gather and exclude subsets $gather_subset = [System.Collections.Generic.HashSet[string]]$grouped_subsets.all $explicit_subset = [System.Collections.Generic.HashSet[string]]@() $exclude_subset = [System.Collections.Generic.HashSet[string]]@() $params = Parse-Args $args -supports_check_mode $true $factpath = Get-AnsibleParam -obj $params -name "fact_path" -type "path" $gather_subset_source = Get-AnsibleParam -obj $params -name "gather_subset" -type "list" -default "all" foreach($item in $gather_subset_source) { if(([string]$item).StartsWith("!")) { $item = ([string]$item).Substring(1) if($item -eq "all") { $all_minus_min = [System.Collections.Generic.HashSet[string]]@($all_set) [void] $all_minus_min.ExceptWith($grouped_subsets.min) [void] $exclude_subset.UnionWith($all_minus_min) } elseif($grouped_subsets.ContainsKey($item)) { [void] $exclude_subset.UnionWith($grouped_subsets[$item]) } elseif($all_set.Contains($item)) { [void] $exclude_subset.Add($item) } # NB: invalid exclude values are ignored, since that's what posix setup does } else { if($grouped_subsets.ContainsKey($item)) { [void] $explicit_subset.UnionWith($grouped_subsets[$item]) } elseif($all_set.Contains($item)) { [void] $explicit_subset.Add($item) } else { # NB: POSIX setup fails on invalid value; we warn, because we don't implement the same set as POSIX # and we don't have platform-specific config for this... Add-Warning $result "invalid value $item specified in gather_subset" } } } [void] $gather_subset.ExceptWith($exclude_subset) [void] $gather_subset.UnionWith($explicit_subset) $ansible_facts = @{ gather_subset=@($gather_subset_source) module_setup=$true } $osversion = [Environment]::OSVersion if($gather_subset.Contains('all_ipv4_addresses') -or $gather_subset.Contains('all_ipv6_addresses')) { $netcfg = Get-LazyCimInstance Win32_NetworkAdapterConfiguration # TODO: split v4/v6 properly, return in separate keys $ips = @() Foreach ($ip in $netcfg.IPAddress) { If ($ip) { $ips += $ip } } $ansible_facts += @{ ansible_ip_addresses = $ips } } if($gather_subset.Contains('bios')) { $win32_bios = Get-LazyCimInstance Win32_Bios $win32_cs = Get-LazyCimInstance Win32_ComputerSystem $ansible_facts += @{ ansible_bios_date = $win32_bios.ReleaseDate.ToString("MM/dd/yyyy") ansible_bios_version = $win32_bios.SMBIOSBIOSVersion ansible_product_name = $win32_cs.Model.Trim() ansible_product_serial = $win32_bios.SerialNumber # ansible_product_version = ([string] $win32_cs.SystemFamily) } } if($gather_subset.Contains('date_time')) { $datetime = (Get-Date) $datetime_utc = $datetime.ToUniversalTime() $date = @{ date = $datetime.ToString("yyyy-MM-dd") day = $datetime.ToString("dd") epoch = (Get-Date -UFormat "%s") hour = $datetime.ToString("HH") iso8601 = $datetime_utc.ToString("yyyy-MM-ddTHH:mm:ssZ") iso8601_basic = $datetime.ToString("yyyyMMddTHHmmssffffff") iso8601_basic_short = $datetime.ToString("yyyyMMddTHHmmss") iso8601_micro = $datetime_utc.ToString("yyyy-MM-ddTHH:mm:ss.ffffffZ") minute = $datetime.ToString("mm") month = $datetime.ToString("MM") second = $datetime.ToString("ss") time = $datetime.ToString("HH:mm:ss") tz = ([System.TimeZoneInfo]::Local.Id) tz_offset = $datetime.ToString("zzzz") # Ensure that the weekday is in English weekday = $datetime.ToString("dddd", [System.Globalization.CultureInfo]::InvariantCulture) weekday_number = (Get-Date -UFormat "%w") weeknumber = (Get-Date -UFormat "%W") year = $datetime.ToString("yyyy") } $ansible_facts += @{ ansible_date_time = $date } } if($gather_subset.Contains('distribution')) { $win32_os = Get-LazyCimInstance Win32_OperatingSystem $product_type = switch($win32_os.ProductType) { 1 { "workstation" } 2 { "domain_controller" } 3 { "server" } default { "unknown" } } $ansible_facts += @{ ansible_distribution = $win32_os.Caption ansible_distribution_version = $osversion.Version.ToString() ansible_distribution_major_version = $osversion.Version.Major.ToString() ansible_os_family = "Windows" ansible_os_name = ($win32_os.Name.Split('|')[0]).Trim() ansible_os_product_type = $product_type } } if($gather_subset.Contains('env')) { $env_vars = @{ } foreach ($item in Get-ChildItem Env:) { $name = $item | select -ExpandProperty Name # Powershell ConvertTo-Json fails if string ends with \ $value = ($item | select -ExpandProperty Value).TrimEnd("\") $env_vars.Add($name, $value) } $ansible_facts += @{ ansible_env = $env_vars } } if($gather_subset.Contains('facter')) { # See if Facter is on the System Path Try { $facter_exe = Get-Command facter -ErrorAction Stop $facter_installed = $true } Catch { $facter_installed = $false } # Get JSON from Facter, and parse it out. if ($facter_installed) { &facter -j | Tee-Object -Variable facter_output | Out-Null $facts = "$facter_output" | ConvertFrom-Json ForEach($fact in $facts.PSObject.Properties) { $fact_name = $fact.Name $ansible_facts.Add("facter_$fact_name", $fact.Value) } } } if($gather_subset.Contains('interfaces')) { $netcfg = Get-LazyCimInstance Win32_NetworkAdapterConfiguration $ActiveNetcfg = @() $ActiveNetcfg += $netcfg | where {$_.ipaddress -ne $null} $namespaces = Get-LazyCimInstance __Namespace -namespace root if ($namespaces | Where-Object { $_.Name -eq "StandardCimv" }) { $net_adapters = Get-LazyCimInstance MSFT_NetAdapter -namespace Root\StandardCimv2 $guid_key = "InterfaceGUID" $name_key = "Name" } else { $net_adapters = Get-LazyCimInstance Win32_NetworkAdapter $guid_key = "GUID" $name_key = "NetConnectionID" } $formattednetcfg = @() foreach ($adapter in $ActiveNetcfg) { $thisadapter = @{ default_gateway = $null connection_name = $null dns_domain = $adapter.dnsdomain interface_index = $adapter.InterfaceIndex interface_name = $adapter.description macaddress = $adapter.macaddress } if ($adapter.defaultIPGateway) { $thisadapter.default_gateway = $adapter.DefaultIPGateway[0].ToString() } $net_adapter = $net_adapters | Where-Object { $_.$guid_key -eq $adapter.SettingID } if ($net_adapter) { $thisadapter.connection_name = $net_adapter.$name_key } $formattednetcfg += $thisadapter } $ansible_facts += @{ ansible_interfaces = $formattednetcfg } } if ($gather_subset.Contains("local") -and $factpath -ne $null) { # Get any custom facts; results are updated in the Get-CustomFacts -factpath $factpath } if($gather_subset.Contains('memory')) { $win32_cs = Get-LazyCimInstance Win32_ComputerSystem $win32_os = Get-LazyCimInstance Win32_OperatingSystem $ansible_facts += @{ # Win32_PhysicalMemory is empty on some virtual platforms ansible_memtotal_mb = ([math]::round($win32_cs.TotalPhysicalMemory / 1024 / 1024)) ansible_swaptotal_mb = ([math]::round($win32_os.TotalSwapSpaceSize / 1024 / 1024)) } } if($gather_subset.Contains('platform')) { $win32_cs = Get-LazyCimInstance Win32_ComputerSystem $win32_os = Get-LazyCimInstance Win32_OperatingSystem $ip_props = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties() $ansible_facts += @{ ansible_architecture = $win32_os.OSArchitecture ansible_domain = $ip_props.DomainName ansible_fqdn = ($ip_props.Hostname + "." + $ip_props.DomainName) ansible_hostname = $env:COMPUTERNAME ansible_kernel = $osversion.Version.ToString() ansible_nodename = ($ip_props.HostName + "." + $ip_props.DomainName) ansible_machine_id = Get-MachineSid ansible_owner_contact = ([string] $win32_cs.PrimaryOwnerContact) ansible_owner_name = ([string] $win32_cs.PrimaryOwnerName) # FUTURE: should this live in its own subset? ansible_reboot_pending = (Get-PendingRebootStatus) ansible_system = $osversion.Platform.ToString() ansible_system_description = ([string] $win32_os.Description) ansible_system_vendor = $win32_cs.Manufacturer } } if($gather_subset.Contains('powershell_version')) { $ansible_facts += @{ ansible_powershell_version = ($PSVersionTable.PSVersion.Major) } } if($gather_subset.Contains('processor')) { $win32_cs = Get-LazyCimInstance Win32_ComputerSystem $win32_cpu = Get-LazyCimInstance Win32_Processor if ($win32_cpu -is [array]) { # multi-socket, pick first $win32_cpu = $win32_cpu[0] } $cpu_list = @( ) for ($i=1; $i -le ($win32_cpu.NumberOfLogicalProcessors / $win32_cs.NumberOfProcessors); $i++) { $cpu_list += $win32_cpu.Manufacturer $cpu_list += $win32_cpu.Name } $ansible_facts += @{ ansible_processor = $cpu_list ansible_processor_cores = $win32_cpu.NumberOfCores ansible_processor_count = $win32_cs.NumberOfProcessors ansible_processor_threads_per_core = ($win32_cpu.NumberOfLogicalProcessors / $win32_cs.NumberOfProcessors / $win32_cpu.NumberOfCores) ansible_processor_vcpus = ($win32_cpu.NumberOfLogicalProcessors / $win32_cs.NumberOfProcessors) } } if($gather_subset.Contains('uptime')) { $win32_os = Get-LazyCimInstance Win32_OperatingSystem $ansible_facts += @{ ansible_lastboot = $win32_os.lastbootuptime.ToString("u") ansible_uptime_seconds = $([System.Convert]::ToInt64($(Get-Date).Subtract($win32_os.lastbootuptime).TotalSeconds)) } } if($gather_subset.Contains('user')) { $user = [Security.Principal.WindowsIdentity]::GetCurrent() $ansible_facts += @{ ansible_user_dir = $env:userprofile # Win32_UserAccount.FullName is probably the right thing here, but it can be expensive to get on large domains ansible_user_gecos = "" ansible_user_id = $env:username ansible_user_sid = $user.User.Value } } if($gather_subset.Contains('windows_domain')) { $win32_cs = Get-LazyCimInstance Win32_ComputerSystem $domain_roles = @{ 0 = "Stand-alone workstation" 1 = "Member workstation" 2 = "Stand-alone server" 3 = "Member server" 4 = "Backup domain controller" 5 = "Primary domain controller" } $domain_role = $domain_roles.Get_Item([Int32]$win32_cs.DomainRole) $ansible_facts += @{ ansible_windows_domain = $win32_cs.Domain ansible_windows_domain_member = $win32_cs.PartOfDomain ansible_windows_domain_role = $domain_role } } if($gather_subset.Contains('winrm')) { $winrm_https_listener_parent_paths = Get-ChildItem -Path WSMan:\localhost\Listener -Recurse | Where-Object {$_.PSChildName -eq "Transport" -and $_.Value -eq "HTTPS"} | select PSParentPath if ($winrm_https_listener_parent_paths -isnot [array]) { $winrm_https_listener_parent_paths = @($winrm_https_listener_parent_paths) } $winrm_https_listener_paths = @() foreach ($winrm_https_listener_parent_path in $winrm_https_listener_parent_paths) { $winrm_https_listener_paths += $winrm_https_listener_parent_path.PSParentPath.Substring($winrm_https_listener_parent_path.PSParentPath.LastIndexOf("\")) } $https_listeners = @() foreach ($winrm_https_listener_path in $winrm_https_listener_paths) { $https_listeners += Get-ChildItem -Path "WSMan:\localhost\Listener$winrm_https_listener_path" } $winrm_cert_thumbprints = @() foreach ($https_listener in $https_listeners) { $winrm_cert_thumbprints += $https_listener | where {$_.Name -EQ "CertificateThumbprint" } | select Value } $winrm_cert_expiry = @() foreach ($winrm_cert_thumbprint in $winrm_cert_thumbprints) { Try { $winrm_cert_expiry += Get-ChildItem -Path Cert:\LocalMachine\My | where Thumbprint -EQ $winrm_cert_thumbprint.Value.ToString().ToUpper() | select NotAfter } Catch {} } $winrm_cert_expirations = $winrm_cert_expiry | Sort-Object NotAfter if ($winrm_cert_expirations) { # this fact was renamed from ansible_winrm_certificate_expires due to collision with ansible_winrm_X connection var pattern $ansible_facts.Add("ansible_win_rm_certificate_expires", $winrm_cert_expirations[0].NotAfter.ToString("yyyy-MM-dd HH:mm:ss")) } } $result.ansible_facts += $ansible_facts Exit-Json $result ScriptBlock ID: 24f207bf-c764-4683-95b7-d8f0fc219349 Path:	4104	1		3	2	15	0	367	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1488	3984	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:52 PM	ca610e00-1c3c-0000-a610-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 25b6570c-0867-4430-aa32-7b9fa9cab1ec Path:	4104	1		3	2	15	0	366	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1488	3384	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:52 PM	ca610e00-1c3c-0001-de10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 39620f79-9867-4e72-8b86-9a229f4d06f4 Path:	4104	1		3	2	15	0	365	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1488	3384	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:52 PM	ca610e00-1c3c-0004-e60f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): W1lID0gJGVudjpDT01QVVRFUk5BTUUKICAgICAgICBhbnNpYmxlX2tlcm5lbCA9ICRvc3ZlcnNpb24uVmVyc2lvbi5Ub1N0cmluZygpCiAgICAgICAgYW5zaWJsZV9ub2RlbmFtZSA9ICgkaXBfcHJvcHMuSG9zdE5hbWUgKyAiLiIgKyAkaXBfcHJvcHMuRG9tYWluTmFtZSkKICAgICAgICBhbnNpYmxlX21hY2hpbmVfaWQgPSBHZXQtTWFjaGluZVNpZAogICAgICAgIGFuc2libGVfb3duZXJfY29udGFjdCA9IChbc3RyaW5nXSAkd2luMzJfY3MuUHJpbWFyeU93bmVyQ29udGFjdCkKICAgICAgICBhbnNpYmxlX293bmVyX25hbWUgPSAoW3N0cmluZ10gJHdpbjMyX2NzLlByaW1hcnlPd25lck5hbWUpCiAgICAgICAgIyBGVVRVUkU6IHNob3VsZCB0aGlzIGxpdmUgaW4gaXRzIG93biBzdWJzZXQ/CiAgICAgICAgYW5zaWJsZV9yZWJvb3RfcGVuZGluZyA9IChHZXQtUGVuZGluZ1JlYm9vdFN0YXR1cykKICAgICAgICBhbnNpYmxlX3N5c3RlbSA9ICRvc3ZlcnNpb24uUGxhdGZvcm0uVG9TdHJpbmcoKQogICAgICAgIGFuc2libGVfc3lzdGVtX2Rlc2NyaXB0aW9uID0gKFtzdHJpbmddICR3aW4zMl9vcy5EZXNjcmlwdGlvbikKICAgICAgICBhbnNpYmxlX3N5c3RlbV92ZW5kb3IgPSAkd2luMzJfY3MuTWFudWZhY3R1cmVyCiAgICB9Cn0KCmlmKCRnYXRoZXJfc3Vic2V0LkNvbnRhaW5zKCdwb3dlcnNoZWxsX3ZlcnNpb24nKSkgewogICAgJGFuc2libGVfZmFjdHMgKz0gQHsKICAgICAgICBhbnNpYmxlX3Bvd2Vyc2hlbGxfdmVyc2lvbiA9ICgkUFNWZXJzaW9uVGFibGUuUFNWZXJzaW9uLk1ham9yKQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygncHJvY2Vzc29yJykpIHsKICAgICR3aW4zMl9jcyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfQ29tcHV0ZXJTeXN0ZW0KICAgICR3aW4zMl9jcHUgPSBHZXQtTGF6eUNpbUluc3RhbmNlIFdpbjMyX1Byb2Nlc3NvcgogICAgaWYgKCR3aW4zMl9jcHUgLWlzIFthcnJheV0pIHsKICAgICAgICAjIG11bHRpLXNvY2tldCwgcGljayBmaXJzdAogICAgICAgICR3aW4zMl9jcHUgPSAkd2luMzJfY3B1WzBdCiAgICB9CgogICAgJGNwdV9saXN0ID0gQCggKQogICAgZm9yICgkaT0xOyAkaSAtbGUgKCR3aW4zMl9jcHUuTnVtYmVyT2ZMb2dpY2FsUHJvY2Vzc29ycyAvICR3aW4zMl9jcy5OdW1iZXJPZlByb2Nlc3NvcnMpOyAkaSsrKSB7CiAgICAgICAgJGNwdV9saXN0ICs9ICR3aW4zMl9jcHUuTWFudWZhY3R1cmVyCiAgICAgICAgJGNwdV9saXN0ICs9ICR3aW4zMl9jcHUuTmFtZQogICAgfQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV9wcm9jZXNzb3IgPSAkY3B1X2xpc3QKICAgICAgICBhbnNpYmxlX3Byb2Nlc3Nvcl9jb3JlcyA9ICR3aW4zMl9jcHUuTnVtYmVyT2ZDb3JlcwogICAgICAgIGFuc2libGVfcHJvY2Vzc29yX2NvdW50ID0gJHdpbjMyX2NzLk51bWJlck9mUHJvY2Vzc29ycwogICAgICAgIGFuc2libGVfcHJvY2Vzc29yX3RocmVhZHNfcGVyX2NvcmUgPSAoJHdpbjMyX2NwdS5OdW1iZXJPZkxvZ2ljYWxQcm9jZXNzb3JzIC8gJHdpbjMyX2NzLk51bWJlck9mUHJvY2Vzc29ycyAvICR3aW4zMl9jcHUuTnVtYmVyT2ZDb3JlcykKICAgICAgICBhbnNpYmxlX3Byb2Nlc3Nvcl92Y3B1cyA9ICgkd2luMzJfY3B1Lk51bWJlck9mTG9naWNhbFByb2Nlc3NvcnMgLyAkd2luMzJfY3MuTnVtYmVyT2ZQcm9jZXNzb3JzKQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygndXB0aW1lJykpIHsKICAgICR3aW4zMl9vcyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfT3BlcmF0aW5nU3lzdGVtCiAgICAkYW5zaWJsZV9mYWN0cyArPSBAewogICAgICAgIGFuc2libGVfbGFzdGJvb3QgPSAkd2luMzJfb3MubGFzdGJvb3R1cHRpbWUuVG9TdHJpbmcoInUiKQogICAgICAgIGFuc2libGVfdXB0aW1lX3NlY29uZHMgPSAkKFtTeXN0ZW0uQ29udmVydF06OlRvSW50NjQoJChHZXQtRGF0ZSkuU3VidHJhY3QoJHdpbjMyX29zLmxhc3Rib290dXB0aW1lKS5Ub3RhbFNlY29uZHMpKQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygndXNlcicpKSB7CiAgICAkdXNlciA9IFtTZWN1cml0eS5QcmluY2lwYWwuV2luZG93c0lkZW50aXR5XTo6R2V0Q3VycmVudCgpCiAgICAkYW5zaWJsZV9mYWN0cyArPSBAewogICAgICAgIGFuc2libGVfdXNlcl9kaXIgPSAkZW52OnVzZXJwcm9maWxlCiAgICAgICAgIyBXaW4zMl9Vc2VyQWNjb3VudC5GdWxsTmFtZSBpcyBwcm9iYWJseSB0aGUgcmlnaHQgdGhpbmcgaGVyZSwgYnV0IGl0IGNhbiBiZSBleHBlbnNpdmUgdG8gZ2V0IG9uIGxhcmdlIGRvbWFpbnMKICAgICAgICBhbnNpYmxlX3VzZXJfZ2Vjb3MgPSAiIgogICAgICAgIGFuc2libGVfdXNlcl9pZCA9ICRlbnY6dXNlcm5hbWUKICAgICAgICBhbnNpYmxlX3VzZXJfc2lkID0gJHVzZXIuVXNlci5WYWx1ZQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygnd2luZG93c19kb21haW4nKSkgewogICAgJHdpbjMyX2NzID0gR2V0LUxhenlDaW1JbnN0YW5jZSBXaW4zMl9Db21wdXRlclN5c3RlbQogICAgJGRvbWFpbl9yb2xlcyA9IEB7CiAgICAgICAgMCA9ICJTdGFuZC1hbG9uZSB3b3Jrc3RhdGlvbiIKICAgICAgICAxID0gIk1lbWJlciB3b3Jrc3RhdGlvbiIKICAgICAgICAyID0gIlN0YW5kLWFsb25lIHNlcnZlciIKICAgICAgICAzID0gIk1lbWJlciBzZXJ2ZXIiCiAgICAgICAgNCA9ICJCYWNrdXAgZG9tYWluIGNvbnRyb2xsZXIiCiAgICAgICAgNSA9ICJQcmltYXJ5IGRvbWFpbiBjb250cm9sbGVyIgogICAgfQoKICAgICRkb21haW5fcm9sZSA9ICRkb21haW5fcm9sZXMuR2V0X0l0ZW0oW0ludDMyXSR3aW4zMl9jcy5Eb21haW5Sb2xlKQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV93aW5kb3dzX2RvbWFpbiA9ICR3aW4zMl9jcy5Eb21haW4KICAgICAgICBhbnNpYmxlX3dpbmRvd3NfZG9tYWluX21lbWJlciA9ICR3aW4zMl9jcy5QYXJ0T2ZEb21haW4KICAgICAgICBhbnNpYmxlX3dpbmRvd3NfZG9tYWluX3JvbGUgPSAkZG9tYWluX3JvbGUKICAgIH0KfQoKaWYoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoJ3dpbnJtJykpIHsKCiAgICAkd2lucm1faHR0cHNfbGlzdGVuZXJfcGFyZW50X3BhdGhzID0gR2V0LUNoaWxkSXRlbSAtUGF0aCBXU01hbjpcbG9jYWxob3N0XExpc3RlbmVyIC1SZWN1cnNlIHwgV2hlcmUtT2JqZWN0IHskXy5QU0NoaWxkTmFtZSAtZXEgIlRyYW5zcG9ydCIgLWFuZCAkXy5WYWx1ZSAtZXEgIkhUVFBTIn0gfCBzZWxlY3QgUFNQYXJlbnRQYXRoCiAgICBpZiAoJHdpbnJtX2h0dHBzX2xpc3RlbmVyX3BhcmVudF9wYXRocyAtaXNub3QgW2FycmF5XSkgewogICAgICAgJHdpbnJtX2h0dHBzX2xpc3RlbmVyX3BhcmVudF9wYXRocyA9IEAoJHdpbnJtX2h0dHBzX2xpc3RlbmVyX3BhcmVudF9wYXRocykKICAgIH0KCiAgICAkd2lucm1faHR0cHNfbGlzdGVuZXJfcGF0aHMgPSBAKCkKICAgIGZvcmVhY2ggKCR3aW5ybV9odHRwc19saXN0ZW5lcl9wYXJlbnRfcGF0aCBpbiAkd2lucm1faHR0cHNfbGlzdGVuZXJfcGFyZW50X3BhdGhzKSB7CiAgICAgICAgJHdpbnJtX2h0dHBzX2xpc3RlbmVyX3BhdGhzICs9ICR3aW5ybV9odHRwc19saXN0ZW5lcl9wYXJlbnRfcGF0aC5QU1BhcmVudFBhdGguU3Vic3RyaW5nKCR3aW5ybV9odHRwc19saXN0ZW5lcl9wYXJlbnRfcGF0aC5QU1BhcmVudFBhdGguTGFzdEluZGV4T2YoIlwiKSkKICAgIH0KCiAgICAkaHR0cHNfbGlzdGVuZXJzID0gQCgpCiAgICBmb3JlYWNoICgkd2lucm1faHR0cHNfbGlzdGVuZXJfcGF0aCBpbiAkd2lucm1faHR0cHNfbGlzdGVuZXJfcGF0aHMpIHsKICAgICAgICAkaHR0cHNfbGlzdGVuZXJzICs9IEdldC1DaGlsZEl0ZW0gLVBhdGggIldTTWFuOlxsb2NhbGhvc3RcTGlzdGVuZXIkd2lucm1faHR0cHNfbGlzdGVuZXJfcGF0aCIKICAgIH0KCiAgICAkd2lucm1fY2VydF90aHVtYnByaW50cyA9IEAoKQogICAgZm9yZWFjaCAoJGh0dHBzX2xpc3RlbmVyIGluICRodHRwc19saXN0ZW5lcnMpIHsKICAgICAgICAkd2lucm1fY2VydF90aHVtYnByaW50cyArPSAkaHR0cHNfbGlzdGVuZXIgfCB3aGVyZSB7JF8uTmFtZSAtRVEgIkNlcnRpZmljYXRlVGh1bWJwcmludCIgfSB8IHNlbGVjdCBWYWx1ZQogICAgfQoKICAgICR3aW5ybV9jZXJ0X2V4cGlyeSA9IEAoKQogICAgZm9yZWFjaCAoJHdpbnJtX2NlcnRfdGh1bWJwcmludCBpbiAkd2lucm1fY2VydF90aHVtYnByaW50cykgewogICAgICAgIFRyeSB7CiAgICAgICAgICAgICR3aW5ybV9jZXJ0X2V4cGlyeSArPSBHZXQtQ2hpbGRJdGVtIC1QYXRoIENlcnQ6XExvY2FsTWFjaGluZVxNeSB8IHdoZXJlIFRodW1icHJpbnQgLUVRICR3aW5ybV9jZXJ0X3RodW1icHJpbnQuVmFsdWUuVG9TdHJpbmcoKS5Ub1VwcGVyKCkgfCBzZWxlY3QgTm90QWZ0ZXIKICAgICAgICB9IENhdGNoIHt9CiAgICB9CgogICAgJHdpbnJtX2NlcnRfZXhwaXJhdGlvbnMgPSAkd2lucm1fY2VydF9leHBpcnkgfCBTb3J0LU9iamVjdCBOb3RBZnRlcgogICAgaWYgKCR3aW5ybV9jZXJ0X2V4cGlyYXRpb25zKSB7CiAgICAgICAgIyB0aGlzIGZhY3Qgd2FzIHJlbmFtZWQgZnJvbSBhbnNpYmxlX3dpbnJtX2NlcnRpZmljYXRlX2V4cGlyZXMgZHVlIHRvIGNvbGxpc2lvbiB3aXRoIGFuc2libGVfd2lucm1fWCBjb25uZWN0aW9uIHZhciBwYXR0ZXJuCiAgICAgICAgJGFuc2libGVfZmFjdHMuQWRkKCJhbnNpYmxlX3dpbl9ybV9jZXJ0aWZpY2F0ZV9leHBpcmVzIiwgJHdpbnJtX2NlcnRfZXhwaXJhdGlvbnNbMF0uTm90QWZ0ZXIuVG9TdHJpbmcoInl5eXktTU0tZGQgSEg6bW06c3MiKSkKICAgIH0KfQoKJHJlc3VsdC5hbnNpYmxlX2ZhY3RzICs9ICRhbnNpYmxlX2ZhY3RzCgpFeGl0LUpzb24gJHJlc3VsdAo=", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "gather_timeout": 10, "_ansible_module_name": "setup", "_ansible_remote_tmp": "%TEMP%", "_ansible_verbosity": 3, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "gather_subset": ["all"], "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: f2676260-6d61-4af5-ac57-9b7b27e1275f Path:	4104	1		3	2	15	0	364	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1488	3384	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:51 PM	ca610e00-1c3c-0004-e00f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): yaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTgsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKCkZ1bmN0aW9uIEdldC1DdXN0b21GYWN0cyB7CiAgW2NtZGxldEJpbmRpbmcoKV0KICBwYXJhbSAoCiAgICBbUGFyYW1ldGVyKG1hbmRhdG9yeT0kZmFsc2UpXQogICAgJGZhY3RwYXRoID0gJG51bGwKICApCgogIGlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGZhY3RwYXRoKSkgewogICAgRmFpbC1Kc29uICRyZXN1bHQgIlRoZSBwYXRoICRmYWN0cGF0aCBkb2VzIG5vdCBleGlzdC4gVHlwbz8iCiAgfQoKICAkRmFjdHNGaWxlcyA9IEdldC1DaGlsZEl0ZW0gLVBhdGggJGZhY3RwYXRoIHwgV2hlcmUtT2JqZWN0IC1GaWx0ZXJTY3JpcHQgeygkUFNJdGVtLlBTSXNDb250YWluZXIgLWVxICRmYWxzZSkgLWFuZCAoJFBTSXRlbS5FeHRlbnNpb24gLWVxICcucHMxJyl9CgogIGZvcmVhY2ggKCRGYWN0c0ZpbGUgaW4gJEZhY3RzRmlsZXMpIHsKICAgICAgJG91dCA9ICYgJCgkRmFjdHNGaWxlLkZ1bGxOYW1lKQogICAgICAkcmVzdWx0LmFuc2libGVfZmFjdHMuQWRkKCJhbnNpYmxlXyQoKCRGYWN0c0ZpbGUuTmFtZSkuU3BsaXQoJy4nKVswXSkiLCAkb3V0KQogIH0KfQoKRnVuY3Rpb24gR2V0LU1hY2hpbmVTaWQgewogICAgIyBUaGUgTWFjaGluZSBTSUQgaXMgc3RvcmVkIGluIEhLTE06XFNFQ1VSSVRZXFNBTVxEb21haW5zXEFjY291bnQgYW5kIGlzCiAgICAjIG9ubHkgYWNjZXNzaWJsZSBieSB0aGUgTG9jYWwgU3lzdGVtIGFjY291bnQuIFRoaXMgbWV0aG9kIGdldCdzIHRoZSBsb2NhbAogICAgIyBhZG1pbiBhY2NvdW50IChlbmRzIHdpdGggLTUwMCkgYW5kIGxvcHMgaXQgb2ZmIHRvIGdldCB0aGUgbWFjaGluZSBzaWQuCgogICAgJGFkbWluc19zaWQgPSAiUy0xLTUtMzItNTQ0IgogICAgJGFkbWluX2dyb3VwID0gKFtTZWN1cml0eS5QcmluY2lwYWwuU2VjdXJpdHlJZGVudGlmaWVyXSRhZG1pbnNfc2lkKS5UcmFuc2xhdGUoW1NlY3VyaXR5LlByaW5jaXBhbC5OVEFjY291bnRdKS5WYWx1ZSAKCiAgICBBZGQtVHlwZSAtQXNzZW1ibHlOYW1lIFN5c3RlbS5EaXJlY3RvcnlTZXJ2aWNlcy5BY2NvdW50TWFuYWdlbWVudAogICAgJHByaW5jaXBhbF9jb250ZXh0ID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLkRpcmVjdG9yeVNlcnZpY2VzLkFjY291bnRNYW5hZ2VtZW50LlByaW5jaXBhbENvbnRleHQoW1N5c3RlbS5EaXJlY3RvcnlTZXJ2aWNlcy5BY2NvdW50TWFuYWdlbWVudC5Db250ZXh0VHlwZV06Ok1hY2hpbmUpCiAgICAkZ3JvdXBfcHJpbmNpcGFsID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLkRpcmVjdG9yeVNlcnZpY2VzLkFjY291bnRNYW5hZ2VtZW50Lkdyb3VwUHJpbmNpcGFsKCRwcmluY2lwYWxfY29udGV4dCwgJGFkbWluX2dyb3VwKQogICAgJHNlYXJjaGVyID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLkRpcmVjdG9yeVNlcnZpY2VzLkFjY291bnRNYW5hZ2VtZW50LlByaW5jaXBhbFNlYXJjaGVyKCRncm91cF9wcmluY2lwYWwpCiAgICAkZ3JvdXBzID0gJHNlYXJjaGVyLkZpbmRPbmUoKQoKICAgICRtYWNoaW5lX3NpZCA9ICRudWxsCiAgICBmb3JlYWNoICgkdXNlciBpbiAkZ3JvdXBzLk1lbWJlcnMpIHsKICAgICAgICAkdXNlcl9zaWQgPSAkdXNlci5TaWQKICAgICAgICBpZiAoJHVzZXJfc2lkLlZhbHVlLkVuZHNXaXRoKCItNTAwIikpIHsKICAgICAgICAgICAgJG1hY2hpbmVfc2lkID0gJHVzZXJfc2lkLkFjY291bnREb21haW5TaWQuVmFsdWUKICAgICAgICAgICAgYnJlYWsKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICRtYWNoaW5lX3NpZAp9CgokY2ltX2luc3RhbmNlcyA9IEB7fQoKRnVuY3Rpb24gR2V0LUxhenlDaW1JbnN0YW5jZShbc3RyaW5nXSRpbnN0YW5jZV9uYW1lLCBbc3RyaW5nXSRuYW1lc3BhY2U9IlJvb3RcQ0lNVjIiKSB7CiAgICBpZigtbm90ICRjaW1faW5zdGFuY2VzLkNvbnRhaW5zS2V5KCRpbnN0YW5jZV9uYW1lKSkgewogICAgICAgICRjaW1faW5zdGFuY2VzWyRpbnN0YW5jZV9uYW1lXSA9ICQoR2V0LUNpbUluc3RhbmNlIC1OYW1lc3BhY2UgJG5hbWVzcGFjZSAtQ2xhc3NOYW1lICRpbnN0YW5jZV9uYW1lKQogICAgfQoKICAgIHJldHVybiAkY2ltX2luc3RhbmNlc1skaW5zdGFuY2VfbmFtZV0KfQoKJHJlc3VsdCA9IEB7CiAgICBhbnNpYmxlX2ZhY3RzID0gQHsgfQogICAgY2hhbmdlZCA9ICRmYWxzZQp9CgokZ3JvdXBlZF9zdWJzZXRzID0gQHsKICAgIG1pbj1bU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuTGlzdFtzdHJpbmddXUAoJ2RhdGVfdGltZScsJ2Rpc3RyaWJ1dGlvbicsJ2RucycsJ2VudicsJ2xvY2FsJywncGxhdGZvcm0nLCdwb3dlcnNoZWxsX3ZlcnNpb24nLCd1c2VyJykKICAgIG5ldHdvcms9W1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkxpc3Rbc3RyaW5nXV1AKCdhbGxfaXB2NF9hZGRyZXNzZXMnLCdhbGxfaXB2Nl9hZGRyZXNzZXMnLCdpbnRlcmZhY2VzJywnd2luZG93c19kb21haW4nLCAnd2lucm0nKQogICAgaGFyZHdhcmU9W1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkxpc3Rbc3RyaW5nXV1AKCdiaW9zJywnbWVtb3J5JywncHJvY2Vzc29yJywndXB0aW1lJykKICAgIGV4dGVybmFsPVtTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5MaXN0W3N0cmluZ11dQCgnZmFjdGVyJykKfQoKIyBidWlsZCAiYWxsIiBzZXQgZnJvbSBldmVyeXRoaW5nIG1lbnRpb25lZCBpbiB0aGUgZ3JvdXAtIHRoaXMgbWVhbnMgZXZlcnkgdmFsdWUgbXVzdCBiZSBpbiBhdCBsZWFzdCBvbmUgc3Vic2V0IHRvIGJlIGNvbnNpZGVyZWQgbGVnYWwKJGFsbF9zZXQgPSBbU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuSGFzaFNldFtzdHJpbmddXUAoKQoKZm9yZWFjaCgka3YgaW4gJGdyb3VwZWRfc3Vic2V0cy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgIFt2b2lkXSAkYWxsX3NldC5VbmlvbldpdGgoJGt2LlZhbHVlKQp9CgojIGR5bmFtaWNhbGx5IGNyZWF0ZSBhbiAiYWxsIiBzdWJzZXQgbm93IHRoYXQgd2Uga25vdyB3aGF0IHNob3VsZCBiZSBpbiBpdAokZ3JvdXBlZF9zdWJzZXRzWydhbGwnXSA9IFtTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5MaXN0W3N0cmluZ11dJGFsbF9zZXQKCiMgc3RhcnQgd2l0aCBhbGwsIGJ1aWxkIHVwIGdhdGhlciBhbmQgZXhjbHVkZSBzdWJzZXRzCiRnYXRoZXJfc3Vic2V0ID0gW1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkhhc2hTZXRbc3RyaW5nXV0kZ3JvdXBlZF9zdWJzZXRzLmFsbAokZXhwbGljaXRfc3Vic2V0ID0gW1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkhhc2hTZXRbc3RyaW5nXV1AKCkKJGV4Y2x1ZGVfc3Vic2V0ID0gW1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkhhc2hTZXRbc3RyaW5nXV1AKCkKCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCiRmYWN0cGF0aCA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJmYWN0X3BhdGgiIC10eXBlICJwYXRoIgokZ2F0aGVyX3N1YnNldF9zb3VyY2UgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZ2F0aGVyX3N1YnNldCIgLXR5cGUgImxpc3QiIC1kZWZhdWx0ICJhbGwiCgpmb3JlYWNoKCRpdGVtIGluICRnYXRoZXJfc3Vic2V0X3NvdXJjZSkgewogICAgaWYoKFtzdHJpbmddJGl0ZW0pLlN0YXJ0c1dpdGgoIiEiKSkgewogICAgICAgICRpdGVtID0gKFtzdHJpbmddJGl0ZW0pLlN1YnN0cmluZygxKQogICAgICAgIGlmKCRpdGVtIC1lcSAiYWxsIikgewogICAgICAgICAgICAkYWxsX21pbnVzX21pbiA9IFtTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5IYXNoU2V0W3N0cmluZ11dQCgkYWxsX3NldCkKICAgICAgICAgICAgW3ZvaWRdICRhbGxfbWludXNfbWluLkV4Y2VwdFdpdGgoJGdyb3VwZWRfc3Vic2V0cy5taW4pCiAgICAgICAgICAgIFt2b2lkXSAkZXhjbHVkZV9zdWJzZXQuVW5pb25XaXRoKCRhbGxfbWludXNfbWluKQogICAgICAgIH0KICAgICAgICBlbHNlaWYoJGdyb3VwZWRfc3Vic2V0cy5Db250YWluc0tleSgkaXRlbSkpIHsKICAgICAgICAgICAgW3ZvaWRdICRleGNsdWRlX3N1YnNldC5VbmlvbldpdGgoJGdyb3VwZWRfc3Vic2V0c1skaXRlbV0pCiAgICAgICAgfQogICAgICAgIGVsc2VpZigkYWxsX3NldC5Db250YWlucygkaXRlbSkpIHsKICAgICAgICAgICAgW3ZvaWRdICRleGNsdWRlX3N1YnNldC5BZGQoJGl0ZW0pCiAgICAgICAgfQogICAgICAgICMgTkI6IGludmFsaWQgZXhjbHVkZSB2YWx1ZXMgYXJlIGlnbm9yZWQsIHNpbmNlIHRoYXQncyB3aGF0IHBvc2l4IHNldHVwIGRvZXMKICAgIH0KICAgIGVsc2UgewogICAgICAgIGlmKCRncm91cGVkX3N1YnNldHMuQ29udGFpbnNLZXkoJGl0ZW0pKSB7CiAgICAgICAgICAgIFt2b2lkXSAkZXhwbGljaXRfc3Vic2V0LlVuaW9uV2l0aCgkZ3JvdXBlZF9zdWJzZXRzWyRpdGVtXSkKICAgICAgICB9CiAgICAgICAgZWxzZWlmKCRhbGxfc2V0LkNvbnRhaW5zKCRpdGVtKSkgewogICAgICAgICAgICBbdm9pZF0gJGV4cGxpY2l0X3N1YnNldC5BZGQoJGl0ZW0pCiAgICAgICAgfQogICAgICAgIGVsc2UgewogICAgICAgICAgICAjIE5COiBQT1NJWCBzZXR1cCBmYWlscyBvbiBpbnZhbGlkIHZhbHVlOyB3ZSB3YXJuLCBiZWNhdXNlIHdlIGRvbid0IGltcGxlbWVudCB0aGUgc2FtZSBzZXQgYXMgUE9TSVgKICAgICAgICAgICAgIyBhbmQgd2UgZG9uJ3QgaGF2ZSBwbGF0Zm9ybS1zcGVjaWZpYyBjb25maWcgZm9yIHRoaXMuLi4KICAgICAgICAgICAgQWRkLVdhcm5pbmcgJHJlc3VsdCAiaW52YWxpZCB2YWx1ZSAkaXRlbSBzcGVjaWZpZWQgaW4gZ2F0aGVyX3N1YnNldCIKICAgICAgICB9CiAgICB9Cn0KClt2b2lkXSAkZ2F0aGVyX3N1YnNldC5FeGNlcHRXaXRoKCRleGNsdWRlX3N1YnNldCkKW3ZvaWRdICRnYXRoZXJfc3Vic2V0LlVuaW9uV2l0aCgkZXhwbGljaXRfc3Vic2V0KQoKJGFuc2libGVfZmFjdHMgPSBAewogICAgZ2F0aGVyX3N1YnNldD1AKCRnYXRoZXJfc3Vic2V0X3NvdXJjZSkKICAgIG1vZHVsZV9zZXR1cD0kdHJ1ZQp9Cgokb3N2ZXJzaW9uID0gW0Vudmlyb25tZW50XTo6T1NWZXJzaW9uCgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygnYWxsX2lwdjRfYWRkcmVzc2VzJykgLW9yICRnYXRoZXJfc3Vic2V0LkNvbnRhaW5zKCdhbGxfaXB2Nl9hZGRyZXNzZXMnKSkgewogICAgJG5ldGNmZyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfTmV0d29ya0FkYXB0ZXJDb25maWd1cmF0aW9uCiAgICAKICAgICMgVE9ETzogc3BsaXQgdjQvdjYgcHJvcGVybHksIHJldHVybiBpbiBzZXBhcmF0ZSBrZXlzCiAgICAkaXBzID0gQCgpCiAgICBGb3JlYWNoICgkaXAgaW4gJG5ldGNmZy5JUEFkZHJlc3MpIHsKICAgICAgICBJZiAoJGlwKSB7CiAgICAgICAgICAgICRpcHMgKz0gJGlwCiAgICAgICAgfQogICAgfQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV9pcF9hZGRyZXNzZXMgPSAkaXBzCiAgICB9Cn0KCmlmKCRnYXRoZXJfc3Vic2V0LkNvbnRhaW5zKCdiaW9zJykpIHsKICAgICR3aW4zMl9iaW9zID0gR2V0LUxhenlDaW1JbnN0YW5jZSBXaW4zMl9CaW9zCiAgICAkd2luMzJfY3MgPSBHZXQtTGF6eUNpbUluc3RhbmNlIFdpbjMyX0NvbXB1dGVyU3lzdGVtCiAgICAkYW5zaWJsZV9mYWN0cyArPSBAewogICAgICAgIGFuc2libGVfYmlvc19kYXRlID0gJHdpbjMyX2Jpb3MuUmVsZWFzZURhdGUuVG9TdHJpbmcoIk1NL2RkL3l5eXkiKQogICAgICAgIGFuc2libGVfYmlvc192ZXJzaW9uID0gJHdpbjMyX2Jpb3MuU01CSU9TQklPU1ZlcnNpb24KICAgICAgICBhbnNpYmxlX3Byb2R1Y3RfbmFtZSA9ICR3aW4zMl9jcy5Nb2RlbC5UcmltKCkKICAgICAgICBhbnNpYmxlX3Byb2R1Y3Rfc2VyaWFsID0gJHdpbjMyX2Jpb3MuU2VyaWFsTnVtYmVyCiAgICAgICAgIyBhbnNpYmxlX3Byb2R1Y3RfdmVyc2lvbiA9IChbc3RyaW5nXSAkd2luMzJfY3MuU3lzdGVtRmFtaWx5KQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygnZGF0ZV90aW1lJykpIHsKICAgICRkYXRldGltZSA9IChHZXQtRGF0ZSkKICAgICRkYXRldGltZV91dGMgPSAkZGF0ZXRpbWUuVG9Vbml2ZXJzYWxUaW1lKCkKICAgICRkYXRlID0gQHsKICAgICAgICBkYXRlID0gJGRhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIikKICAgICAgICBkYXkgPSAkZGF0ZXRpbWUuVG9TdHJpbmcoImRkIikKICAgICAgICBlcG9jaCA9IChHZXQtRGF0ZSAtVUZvcm1hdCAiJXMiKQogICAgICAgIGhvdXIgPSAkZGF0ZXRpbWUuVG9TdHJpbmcoIkhIIikKICAgICAgICBpc284NjAxID0gJGRhdGV0aW1lX3V0Yy5Ub1N0cmluZygieXl5eS1NTS1kZFRISDptbTpzc1oiKQogICAgICAgIGlzbzg2MDFfYmFzaWMgPSAkZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXlNTWRkVEhIbW1zc2ZmZmZmZiIpCiAgICAgICAgaXNvODYwMV9iYXNpY19zaG9ydCA9ICRkYXRldGltZS5Ub1N0cmluZygieXl5eU1NZGRUSEhtbXNzIikKICAgICAgICBpc284NjAxX21pY3JvID0gJGRhdGV0aW1lX3V0Yy5Ub1N0cmluZygieXl5eS1NTS1kZFRISDptbTpzcy5mZmZmZmZaIikKICAgICAgICBtaW51dGUgPSAkZGF0ZXRpbWUuVG9TdHJpbmcoIm1tIikKICAgICAgICBtb250aCA9ICRkYXRldGltZS5Ub1N0cmluZygiTU0iKQogICAgICAgIHNlY29uZCA9ICRkYXRldGltZS5Ub1N0cmluZygic3MiKQogICAgICAgIHRpbWUgPSAkZGF0ZXRpbWUuVG9TdHJpbmcoIkhIOm1tOnNzIikKICAgICAgICB0eiA9IChbU3lzdGVtLlRpbWVab25lSW5mb106OkxvY2FsLklkKQogICAgICAgIHR6X29mZnNldCA9ICRkYXRldGltZS5Ub1N0cmluZygienp6eiIpCiAgICAgICAgIyBFbnN1cmUgdGhhdCB0aGUgd2Vla2RheSBpcyBpbiBFbmdsaXNoCiAgICAgICAgd2Vla2RheSA9ICRkYXRldGltZS5Ub1N0cmluZygiZGRkZCIsIFtTeXN0ZW0uR2xvYmFsaXphdGlvbi5DdWx0dXJlSW5mb106OkludmFyaWFudEN1bHR1cmUpCiAgICAgICAgd2Vla2RheV9udW1iZXIgPSAoR2V0LURhdGUgLVVGb3JtYXQgIiV3IikKICAgICAgICB3ZWVrbnVtYmVyID0gKEdldC1EYXRlIC1VRm9ybWF0ICIlVyIpCiAgICAgICAgeWVhciA9ICRkYXRldGltZS5Ub1N0cmluZygieXl5eSIpCiAgICB9CgogICAgJGFuc2libGVfZmFjdHMgKz0gQHsKICAgICAgICBhbnNpYmxlX2RhdGVfdGltZSA9ICRkYXRlCiAgICB9Cn0KCmlmKCRnYXRoZXJfc3Vic2V0LkNvbnRhaW5zKCdkaXN0cmlidXRpb24nKSkgewogICAgJHdpbjMyX29zID0gR2V0LUxhenlDaW1JbnN0YW5jZSBXaW4zMl9PcGVyYXRpbmdTeXN0ZW0KICAgICRwcm9kdWN0X3R5cGUgPSBzd2l0Y2goJHdpbjMyX29zLlByb2R1Y3RUeXBlKSB7CiAgICAgICAgMSB7ICJ3b3Jrc3RhdGlvbiIgfQogICAgICAgIDIgeyAiZG9tYWluX2NvbnRyb2xsZXIiIH0KICAgICAgICAzIHsgInNlcnZlciIgfQogICAgICAgIGRlZmF1bHQgeyAidW5rbm93biIgfQogICAgfQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV9kaXN0cmlidXRpb24gPSAkd2luMzJfb3MuQ2FwdGlvbgogICAgICAgIGFuc2libGVfZGlzdHJpYnV0aW9uX3ZlcnNpb24gPSAkb3N2ZXJzaW9uLlZlcnNpb24uVG9TdHJpbmcoKQogICAgICAgIGFuc2libGVfZGlzdHJpYnV0aW9uX21ham9yX3ZlcnNpb24gPSAkb3N2ZXJzaW9uLlZlcnNpb24uTWFqb3IuVG9TdHJpbmcoKQogICAgICAgIGFuc2libGVfb3NfZmFtaWx5ID0gIldpbmRvd3MiCiAgICAgICAgYW5zaWJsZV9vc19uYW1lID0gKCR3aW4zMl9vcy5OYW1lLlNwbGl0KCd8JylbMF0pLlRyaW0oKQogICAgICAgIGFuc2libGVfb3NfcHJvZHVjdF90eXBlID0gJHByb2R1Y3RfdHlwZQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygnZW52JykpIHsKICAgICRlbnZfdmFycyA9IEB7IH0KICAgIGZvcmVhY2ggKCRpdGVtIGluIEdldC1DaGlsZEl0ZW0gRW52OikgewogICAgICAgICRuYW1lID0gJGl0ZW0gfCBzZWxlY3QgLUV4cGFuZFByb3BlcnR5IE5hbWUKICAgICAgICAjIFBvd2Vyc2hlbGwgQ29udmVydFRvLUpzb24gZmFpbHMgaWYgc3RyaW5nIGVuZHMgd2l0aCBcCiAgICAgICAgJHZhbHVlID0gKCRpdGVtIHwgc2VsZWN0IC1FeHBhbmRQcm9wZXJ0eSBWYWx1ZSkuVHJpbUVuZCgiXCIpCiAgICAgICAgJGVudl92YXJzLkFkZCgkbmFtZSwgJHZhbHVlKQogICAgfQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV9lbnYgPSAkZW52X3ZhcnMKICAgIH0KfQoKaWYoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoJ2ZhY3RlcicpKSB7CiAgICAjIFNlZSBpZiBGYWN0ZXIgaXMgb24gdGhlIFN5c3RlbSBQYXRoCiAgICBUcnkgewogICAgICAgICRmYWN0ZXJfZXhlID0gR2V0LUNvbW1hbmQgZmFjdGVyIC1FcnJvckFjdGlvbiBTdG9wCiAgICAgICAgJGZhY3Rlcl9pbnN0YWxsZWQgPSAkdHJ1ZQogICAgfSBDYXRjaCB7CiAgICAgICAgJGZhY3Rlcl9pbnN0YWxsZWQgPSAkZmFsc2UKICAgIH0KCiAgICAjIEdldCBKU09OIGZyb20gRmFjdGVyLCBhbmQgcGFyc2UgaXQgb3V0LgogICAgaWYgKCRmYWN0ZXJfaW5zdGFsbGVkKSB7CiAgICAgICAgJmZhY3RlciAtaiB8IFRlZS1PYmplY3QgIC1WYXJpYWJsZSBmYWN0ZXJfb3V0cHV0IHwgT3V0LU51bGwKICAgICAgICAkZmFjdHMgPSAiJGZhY3Rlcl9vdXRwdXQiIHwgQ29udmVydEZyb20tSnNvbgogICAgICAgIEZvckVhY2goJGZhY3QgaW4gJGZhY3RzLlBTT2JqZWN0LlByb3BlcnRpZXMpIHsKICAgICAgICAgICAgJGZhY3RfbmFtZSA9ICRmYWN0Lk5hbWUKICAgICAgICAgICAgJGFuc2libGVfZmFjdHMuQWRkKCJmYWN0ZXJfJGZhY3RfbmFtZSIsICRmYWN0LlZhbHVlKQogICAgICAgIH0KICAgIH0KfQoKaWYoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoJ2ludGVyZmFjZXMnKSkgewogICAgJG5ldGNmZyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfTmV0d29ya0FkYXB0ZXJDb25maWd1cmF0aW9uCiAgICAkQWN0aXZlTmV0Y2ZnID0gQCgpCiAgICAkQWN0aXZlTmV0Y2ZnICs9ICRuZXRjZmcgfCB3aGVyZSB7JF8uaXBhZGRyZXNzIC1uZSAkbnVsbH0KCiAgICAkbmFtZXNwYWNlcyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgX19OYW1lc3BhY2UgLW5hbWVzcGFjZSByb290CiAgICBpZiAoJG5hbWVzcGFjZXMgfCBXaGVyZS1PYmplY3QgeyAkXy5OYW1lIC1lcSAiU3RhbmRhcmRDaW12IiB9KSB7CiAgICAgICAgJG5ldF9hZGFwdGVycyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgTVNGVF9OZXRBZGFwdGVyIC1uYW1lc3BhY2UgUm9vdFxTdGFuZGFyZENpbXYyCiAgICAgICAgJGd1aWRfa2V5ID0gIkludGVyZmFjZUdVSUQiCiAgICAgICAgJG5hbWVfa2V5ID0gIk5hbWUiCiAgICB9IGVsc2UgewogICAgICAgICRuZXRfYWRhcHRlcnMgPSBHZXQtTGF6eUNpbUluc3RhbmNlIFdpbjMyX05ldHdvcmtBZGFwdGVyICAgICAgICAKICAgICAgICAkZ3VpZF9rZXkgPSAiR1VJRCIKICAgICAgICAkbmFtZV9rZXkgPSAiTmV0Q29ubmVjdGlvbklEIgogICAgfQoKICAgICRmb3JtYXR0ZWRuZXRjZmcgPSBAKCkKICAgIGZvcmVhY2ggKCRhZGFwdGVyIGluICRBY3RpdmVOZXRjZmcpCiAgICB7CiAgICAgICAgJHRoaXNhZGFwdGVyID0gQHsKICAgICAgICAgICAgZGVmYXVsdF9nYXRld2F5ID0gJG51bGwKICAgICAgICAgICAgY29ubmVjdGlvbl9uYW1lID0gJG51bGwKICAgICAgICAgICAgZG5zX2RvbWFpbiA9ICRhZGFwdGVyLmRuc2RvbWFpbgogICAgICAgICAgICBpbnRlcmZhY2VfaW5kZXggPSAkYWRhcHRlci5JbnRlcmZhY2VJbmRleAogICAgICAgICAgICBpbnRlcmZhY2VfbmFtZSA9ICRhZGFwdGVyLmRlc2NyaXB0aW9uCiAgICAgICAgICAgIG1hY2FkZHJlc3MgPSAkYWRhcHRlci5tYWNhZGRyZXNzCiAgICAgICAgfQoKICAgICAgICBpZiAoJGFkYXB0ZXIuZGVmYXVsdElQR2F0ZXdheSkKICAgICAgICB7CiAgICAgICAgICAgICR0aGlzYWRhcHRlci5kZWZhdWx0X2dhdGV3YXkgPSAkYWRhcHRlci5EZWZhdWx0SVBHYXRld2F5WzBdLlRvU3RyaW5nKCkKICAgICAgICB9CiAgICAgICAgJG5ldF9hZGFwdGVyID0gJG5ldF9hZGFwdGVycyB8IFdoZXJlLU9iamVjdCB7ICRfLiRndWlkX2tleSAtZXEgJGFkYXB0ZXIuU2V0dGluZ0lEIH0KICAgICAgICBpZiAoJG5ldF9hZGFwdGVyKSB7CiAgICAgICAgICAgICR0aGlzYWRhcHRlci5jb25uZWN0aW9uX25hbWUgPSAkbmV0X2FkYXB0ZXIuJG5hbWVfa2V5CiAgICAgICAgfQoKICAgICAgICAkZm9ybWF0dGVkbmV0Y2ZnICs9ICR0aGlzYWRhcHRlcgogICAgfQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV9pbnRlcmZhY2VzID0gJGZvcm1hdHRlZG5ldGNmZwogICAgfQp9CgppZiAoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoImxvY2FsIikgLWFuZCAkZmFjdHBhdGggLW5lICRudWxsKSB7CiAgICAjIEdldCBhbnkgY3VzdG9tIGZhY3RzOyByZXN1bHRzIGFyZSB1cGRhdGVkIGluIHRoZQogICAgR2V0LUN1c3RvbUZhY3RzIC1mYWN0cGF0aCAkZmFjdHBhdGgKfQoKaWYoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoJ21lbW9yeScpKSB7CiAgICAkd2luMzJfY3MgPSBHZXQtTGF6eUNpbUluc3RhbmNlIFdpbjMyX0NvbXB1dGVyU3lzdGVtCiAgICAkd2luMzJfb3MgPSBHZXQtTGF6eUNpbUluc3RhbmNlIFdpbjMyX09wZXJhdGluZ1N5c3RlbQogICAgJGFuc2libGVfZmFjdHMgKz0gQHsKICAgICAgICAjIFdpbjMyX1BoeXNpY2FsTWVtb3J5IGlzIGVtcHR5IG9uIHNvbWUgdmlydHVhbCBwbGF0Zm9ybXMKICAgICAgICBhbnNpYmxlX21lbXRvdGFsX21iID0gKFttYXRoXTo6cm91bmQoJHdpbjMyX2NzLlRvdGFsUGh5c2ljYWxNZW1vcnkgLyAxMDI0IC8gMTAyNCkpCiAgICAgICAgYW5zaWJsZV9zd2FwdG90YWxfbWIgPSAoW21hdGhdOjpyb3VuZCgkd2luMzJfb3MuVG90YWxTd2FwU3BhY2VTaXplIC8gMTAyNCAvIDEwMjQpKQogICAgfQp9CgoKaWYoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoJ3BsYXRmb3JtJykpIHsKICAgICR3aW4zMl9jcyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfQ29tcHV0ZXJTeXN0ZW0KICAgICR3aW4zMl9vcyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfT3BlcmF0aW5nU3lzdGVtCiAgICAkaXBfcHJvcHMgPSBbU3lzdGVtLk5ldC5OZXR3b3JrSW5mb3JtYXRpb24uSVBHbG9iYWxQcm9wZXJ0aWVzXTo6R2V0SVBHbG9iYWxQcm9wZXJ0aWVzKCkKCiAgICAkYW5zaWJsZV9mYWN0cyArPSBAewogICAgICAgIGFuc2libGVfYXJjaGl0ZWN0dXJlID0gJHdpbjMyX29zLk9TQXJjaGl0ZWN0dXJlCiAgICAgICAgYW5zaWJsZV9kb21haW4gPSAkaXBfcHJvcHMuRG9tYWluTmFtZQogICAgICAgIGFuc2libGVfZnFkbiA9ICgkaXBfcHJvcHMuSG9zdG5hbWUgKyAiLiIgKyAkaXBfcHJvcHMuRG9tYWluTmFtZSkKICAgICAgICBhbnNpYmxlX2hvc3RuY ScriptBlock ID: f2676260-6d61-4af5-ac57-9b7b27e1275f Path:	4104	1		3	2	15	0	363	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1488	3384	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:51 PM	ca610e00-1c3c-0004-e00f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3V ScriptBlock ID: f2676260-6d61-4af5-ac57-9b7b27e1275f Path:	4104	1		3	2	15	0	362	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1488	3384	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:51 PM	ca610e00-1c3c-0004-e00f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	361	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1488	2500	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:51 PM	ca610e00-1c3c-0001-d410-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1488 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	360	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1488	3136	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:51 PM	ca610e00-1c3c-0001-d410-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	359	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1488	2500	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:51 PM	ca610e00-1c3c-0001-d410-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/standardcimv2/MSFT_NetGPO' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Open-NetGPO { [CmdletBinding(PositionalBinding=$false)] [OutputType([System.String])] param( [Parameter(ParameterSetName='Open0', Mandatory=$true, Position=0)] [string] ${PolicyStore}, [Parameter(ParameterSetName='Open0')] [string] ${DomainController}, [Parameter(ParameterSetName='Open0')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Open0')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Open0')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PolicyStore')) { [object]$__cmdletization_value = ${PolicyStore} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DomainController')) { [object]$__cmdletization_value = ${DomainController} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DomainController'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DomainController'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'GPOSession'; ParameterType = 'System.String'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Open', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetGPO.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Open-NetGPO' -Alias '*' function Save-NetGPO { [CmdletBinding(PositionalBinding=$false)] param( [Parameter(ParameterSetName='Save1', Mandatory=$true, Position=0)] [string] ${GPOSession}, [Parameter(ParameterSetName='Save1')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Save1')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Save1')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('GPOSession')) { [object]$__cmdletization_value = ${GPOSession} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'GPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'GPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Save', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetGPO.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Save-NetGPO' -Alias '*' ScriptBlock ID: aa8c355d-fb1e-4d92-8d91-744a06fa976e Path:	4104	1		3	2	15	0	358	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:44 PM	ca610e00-1c3c-0004-cb0f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): ; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowIPsecThroughNAT'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.IPsecThroughNAT'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MaxSAIdleTimeSeconds')) { [object]$__cmdletization_value = ${MaxSAIdleTimeSeconds} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxSAIdleTimeSeconds'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxSAIdleTimeSeconds'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('KeyEncoding')) { [object]$__cmdletization_value = ${KeyEncoding} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'KeyEncoding'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.KeyEncoding'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'KeyEncoding'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.KeyEncoding'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EnablePacketQueuing')) { [object]$__cmdletization_value = ${EnablePacketQueuing} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnablePacketQueuing'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PacketQueuing'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnablePacketQueuing'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PacketQueuing'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallSetting.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetFirewallSetting' -Alias '*' ScriptBlock ID: 15d004e0-71b0-4586-b826-16332bd53230 Path:	4104	1		3	2	15	0	357	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:44 PM	ca610e00-1c3c-0004-c70f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): f (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('Query (cdxml)', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Exemptions')) { [object]$__cmdletization_value = ${Exemptions} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Exemptions'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.TrafficExemption'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Exemptions'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.TrafficExemption'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EnableStatefulFtp')) { [object]$__cmdletization_value = ${EnableStatefulFtp} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableStatefulFtp'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableStatefulFtp'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EnableStatefulPptp')) { [object]$__cmdletization_value = ${EnableStatefulPptp} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableStatefulPptp'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableStatefulPptp'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemoteMachineTransportAuthorizationList')) { [object]$__cmdletization_value = ${RemoteMachineTransportAuthorizationList} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteMachineTransportAuthorizationList'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteMachineTransportAuthorizationList'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemoteMachineTunnelAuthorizationList')) { [object]$__cmdletization_value = ${RemoteMachineTunnelAuthorizationList} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteMachineTunnelAuthorizationList'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteMachineTunnelAuthorizationList'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemoteUserTransportAuthorizationList')) { [object]$__cmdletization_value = ${RemoteUserTransportAuthorizationList} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteUserTransportAuthorizationList'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteUserTransportAuthorizationList'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemoteUserTunnelAuthorizationList')) { [object]$__cmdletization_value = ${RemoteUserTunnelAuthorizationList} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteUserTunnelAuthorizationList'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteUserTunnelAuthorizationList'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RequireFullAuthSupport')) { [object]$__cmdletization_value = ${RequireFullAuthSupport} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RequireFullAuthSupport'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RequireFullAuthSupport'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('CertValidationLevel')) { [object]$__cmdletization_value = ${CertValidationLevel} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CertValidationLevel'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.CRLCheck'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CertValidationLevel'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.CRLCheck'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AllowIPsecThroughNAT')) { [object]$__cmdletization_value = ${AllowIPsecThroughNAT} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowIPsecThroughNAT'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.IPsecThroughNAT'; Bindings = 'In'; Value = $__cmdletization_value ScriptBlock ID: 15d004e0-71b0-4586-b826-16332bd53230 Path:	4104	1		3	2	15	0	356	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:44 PM	ca610e00-1c3c-0004-c70f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/standardcimv2/MSFT_NetSecuritySettingData' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetFirewallSetting { [CmdletBinding(DefaultParameterSetName='GetAll', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetSecuritySettingData')] param( [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='GetAll')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='GetAll')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='GetAll')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallSetting.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetFirewallSetting' -Alias '*' function Set-NetFirewallSetting { [CmdletBinding(DefaultParameterSetName='Query (cdxml)', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetSecuritySettingData')] param( [Parameter(ParameterSetName='Query (cdxml)')] [string] ${PolicyStore}, [Parameter(ParameterSetName='Query (cdxml)')] [string] ${GPOSession}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetSecuritySettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.TrafficExemption] ${Exemptions}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean] ${EnableStatefulFtp}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean] ${EnableStatefulPptp}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${RemoteMachineTransportAuthorizationList}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${RemoteMachineTunnelAuthorizationList}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${RemoteUserTransportAuthorizationList}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${RemoteUserTunnelAuthorizationList}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean] ${RequireFullAuthSupport}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.CRLCheck] ${CertValidationLevel}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.IPsecThroughNAT] ${AllowIPsecThroughNAT}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint32] ${MaxSAIdleTimeSeconds}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.KeyEncoding] ${KeyEncoding}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PacketQueuing] ${EnablePacketQueuing}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { i ScriptBlock ID: 15d004e0-71b0-4586-b826-16332bd53230 Path:	4104	1		3	2	15	0	355	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:44 PM	ca610e00-1c3c-0004-c70f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/standardcimv2/MSFT_NetQuickModeSA' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetIPsecQuickModeSA { [CmdletBinding(DefaultParameterSetName='GetAll', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetQuickModeSA')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeSA', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetMainModeSA')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecMainModeSA}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeSA')] [Parameter(ParameterSetName='GetAll')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeSA')] [Parameter(ParameterSetName='GetAll')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeSA')] [Parameter(ParameterSetName='GetAll')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecMainModeSA') -and (@('ByAssociatedNetIPsecMainModeSA') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecMainModeSA}, 'MSFT_NetSAAssociation', 'Antecedent', 'Dependent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecQuickModeSA.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetIPsecQuickModeSA' -Alias '*' function Remove-NetIPsecQuickModeSA { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetQuickModeSA')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeSA', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetMainModeSA')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecMainModeSA}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetQuickModeSA')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeSA')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeSA')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeSA')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeSA')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecMainModeSA') -and (@('ByAssociatedNetIPsecMainModeSA') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecMainModeSA}, 'MSFT_NetSAAssociation', 'Antecedent', 'Dependent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByAssociatedNetIPsecMainModeSA', 'GetAll', 'InputObject (cdxml)') -contains $_ } { $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:DeleteInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecQuickModeSA.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Remove-NetIPsecQuickModeSA' -Alias '*' ScriptBlock ID: 0971a656-7a3f-4653-9c4e-828087afeb04 Path:	4104	1		3	2	15	0	354	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:44 PM	ca610e00-1c3c-0001-be10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/standardcimv2/MSFT_NetMainModeSA' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetIPsecMainModeSA { [CmdletBinding(DefaultParameterSetName='GetAll', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetMainModeSA')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeSA', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetQuickModeSA')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecQuickModeSA}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeSA')] [Parameter(ParameterSetName='GetAll')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeSA')] [Parameter(ParameterSetName='GetAll')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeSA')] [Parameter(ParameterSetName='GetAll')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecQuickModeSA') -and (@('ByAssociatedNetIPsecQuickModeSA') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecQuickModeSA}, 'MSFT_NetSAAssociation', 'Dependent', 'Antecedent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecMainModeSA.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetIPsecMainModeSA' -Alias '*' function Remove-NetIPsecMainModeSA { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetMainModeSA')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeSA', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetQuickModeSA')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecQuickModeSA}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetMainModeSA')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeSA')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeSA')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeSA')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeSA')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecQuickModeSA') -and (@('ByAssociatedNetIPsecQuickModeSA') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecQuickModeSA}, 'MSFT_NetSAAssociation', 'Dependent', 'Antecedent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByAssociatedNetIPsecQuickModeSA', 'GetAll', 'InputObject (cdxml)') -contains $_ } { $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:DeleteInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecMainModeSA.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Remove-NetIPsecMainModeSA' -Alias '*' ScriptBlock ID: 371ead1f-9afc-4e6f-b203-cf00d67557f1 Path:	4104	1		3	2	15	0	353	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:44 PM	ca610e00-1c3c-0001-ba10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/standardcimv2/MSFT_NetIPsecIdentity' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } ScriptBlock ID: bd6c70e0-02c2-4d3f-a20c-a697336e14b8 Path:	4104	1		3	2	15	0	352	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:44 PM	ca610e00-1c3c-0001-b810-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 5): .ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('ElementName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'GetAll', 'InputObject (cdxml)') -contains $_ } { $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:DeleteInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecDospSetting.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Remove-NetIPsecDospSetting' -Alias '*' ScriptBlock ID: d0ceb981-1df3-444f-84be-1fa5ea968781 Path:	4104	1		3	2	15	0	351	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:44 PM	ca610e00-1c3c-0001-b210-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 5): In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6FilterExemptDscp'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IpV6FilterExemptRateLimitBytesPerSec')) { [object]$__cmdletization_value = ${IpV6FilterExemptRateLimitBytesPerSec} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6FilterExemptRateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6FilterExemptRateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DefBlockExemptDscp')) { [object]$__cmdletization_value = ${DefBlockExemptDscp} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DefBlockExemptDscp'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DefBlockExemptDscp'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DefBlockExemptRateLimitBytesPerSec')) { [object]$__cmdletization_value = ${DefBlockExemptRateLimitBytesPerSec} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DefBlockExemptRateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DefBlockExemptRateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MaxStateEntries')) { [object]$__cmdletization_value = ${MaxStateEntries} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxStateEntries'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxStateEntries'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MaxPerIPRateLimitQueues')) { [object]$__cmdletization_value = ${MaxPerIPRateLimitQueues} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxPerIPRateLimitQueues'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxPerIPRateLimitQueues'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EnabledKeyingModules')) { [object]$__cmdletization_value = ${EnabledKeyingModules} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnabledKeyingModules'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.DospKeyModules'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnabledKeyingModules'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.DospKeyModules'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('FilteringFlags')) { [object]$__cmdletization_value = ${FilteringFlags} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'FilteringFlags'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.DospFlags'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'FilteringFlags'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.DospFlags'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PublicInterfaceAliases')) { [object]$__cmdletization_value = ${PublicInterfaceAliases} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PublicInterfaceAliases'; ParameterType = 'System.Management.Automation.WildcardPattern[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PublicInterfaceAliases'; ParameterType = 'System.Management.Automation.WildcardPattern[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PrivateInterfaceAliases')) { [object]$__cmdletization_value = ${PrivateInterfaceAliases} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PrivateInterfaceAliases'; ParameterType = 'System.Management.Automation.WildcardPattern[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PrivateInterfaceAliases'; ParameterType = 'System.Management.Automation.WildcardPattern[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PublicV6Address')) { [object]$__cmdletization_value = ${PublicV6Address} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PublicV6Address'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PublicV6Address'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PrivateV6Address')) { [object]$__cmdletization_value = ${PrivateV6Address} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PrivateV6Address'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PrivateV6Address'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecDospSetting.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetIPsecDospSetting' -Alias '*' function Remove-NetIPsecDospSetting { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIPsecDoSPSetting')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetIPsecDoSPSetting')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters ScriptBlock ID: d0ceb981-1df3-444f-84be-1fa5ea968781 Path:	4104	1		3	2	15	0	350	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:44 PM	ca610e00-1c3c-0001-b210-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 5): PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIPsecDoSPSetting')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetIPsecDoSPSetting')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint32] ${StateIdleTimeoutSeconds}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint32] ${PerIPRateLimitQueueIdleTimeoutSeconds}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint32] ${IpV6IPsecUnauthDscp}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint32] ${IpV6IPsecUnauthRateLimitBytesPerSec}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint32] ${IpV6IPsecUnauthPerIPRateLimitBytesPerSec}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint16] ${IpV6IPsecAuthDscp}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint32] ${IpV6IPsecAuthRateLimitBytesPerSec}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint16] ${IcmpV6Dscp}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint32] ${IcmpV6RateLimitBytesPerSec}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint32] ${IpV6FilterExemptDscp}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint32] ${IpV6FilterExemptRateLimitBytesPerSec}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint16] ${DefBlockExemptDscp}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint32] ${DefBlockExemptRateLimitBytesPerSec}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint32] ${MaxStateEntries}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint32] ${MaxPerIPRateLimitQueues}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.DospKeyModules] ${EnabledKeyingModules}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.DospFlags] ${FilteringFlags}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [WildcardPattern[]] ${PublicInterfaceAliases}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [WildcardPattern[]] ${PrivateInterfaceAliases}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${PublicV6Address}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${PrivateV6Address}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('ElementName', $__cmdletization_values, $true, 'Default') } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('StateIdleTimeoutSeconds')) { [object]$__cmdletization_value = ${StateIdleTimeoutSeconds} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'StateIdleTimeoutSeconds'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'StateIdleTimeoutSeconds'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PerIPRateLimitQueueIdleTimeoutSeconds')) { [object]$__cmdletization_value = ${PerIPRateLimitQueueIdleTimeoutSeconds} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PerIPRateLimitQueueIdleTimeoutSeconds'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PerIPRateLimitQueueIdleTimeoutSeconds'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IpV6IPsecUnauthDscp')) { [object]$__cmdletization_value = ${IpV6IPsecUnauthDscp} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6IPsecUnauthDscp'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6IPsecUnauthDscp'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IpV6IPsecUnauthRateLimitBytesPerSec')) { [object]$__cmdletization_value = ${IpV6IPsecUnauthRateLimitBytesPerSec} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6IPsecUnauthRateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6IPsecUnauthRateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IpV6IPsecUnauthPerIPRateLimitBytesPerSec')) { [object]$__cmdletization_value = ${IpV6IPsecUnauthPerIPRateLimitBytesPerSec} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6IPsecUnauthPerIPRateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6IPsecUnauthPerIPRateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IpV6IPsecAuthDscp')) { [object]$__cmdletization_value = ${IpV6IPsecAuthDscp} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6IPsecAuthDscp'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6IPsecAuthDscp'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IpV6IPsecAuthRateLimitBytesPerSec')) { [object]$__cmdletization_value = ${IpV6IPsecAuthRateLimitBytesPerSec} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6IPsecAuthRateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6IPsecAuthRateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IcmpV6Dscp')) { [object]$__cmdletization_value = ${IcmpV6Dscp} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IcmpV6Dscp'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IcmpV6Dscp'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IcmpV6RateLimitBytesPerSec')) { [object]$__cmdletization_value = ${IcmpV6RateLimitBytesPerSec} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IcmpV6RateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IcmpV6RateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IpV6FilterExemptDscp')) { [object]$__cmdletization_value = ${IpV6FilterExemptDscp} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6FilterExemptDscp'; ParameterType = 'System.UInt32'; Bindings = ' ScriptBlock ID: d0ceb981-1df3-444f-84be-1fa5ea968781 Path:	4104	1		3	2	15	0	349	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:44 PM	ca610e00-1c3c-0001-b210-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 5): eter]@{Name = 'IpV6FilterExemptDscp'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6FilterExemptDscp'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IpV6FilterExemptRateLimitBytesPerSec')) { [object]$__cmdletization_value = ${IpV6FilterExemptRateLimitBytesPerSec} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6FilterExemptRateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6FilterExemptRateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DefBlockExemptDscp')) { [object]$__cmdletization_value = ${DefBlockExemptDscp} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DefBlockExemptDscp'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DefBlockExemptDscp'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DefBlockExemptRateLimitBytesPerSec')) { [object]$__cmdletization_value = ${DefBlockExemptRateLimitBytesPerSec} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DefBlockExemptRateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DefBlockExemptRateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MaxStateEntries')) { [object]$__cmdletization_value = ${MaxStateEntries} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxStateEntries'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxStateEntries'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MaxPerIPRateLimitQueues')) { [object]$__cmdletization_value = ${MaxPerIPRateLimitQueues} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxPerIPRateLimitQueues'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxPerIPRateLimitQueues'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EnabledKeyingModules')) { [object]$__cmdletization_value = ${EnabledKeyingModules} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnabledKeyingModules'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.DospKeyModules'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnabledKeyingModules'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.DospKeyModules'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('FilteringFlags')) { [object]$__cmdletization_value = ${FilteringFlags} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'FilteringFlags'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.DospFlags'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'FilteringFlags'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.DospFlags'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PublicInterfaceAliases')) { [object]$__cmdletization_value = ${PublicInterfaceAliases} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PublicInterfaceAliases'; ParameterType = 'System.Management.Automation.WildcardPattern[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PublicInterfaceAliases'; ParameterType = 'System.Management.Automation.WildcardPattern[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PrivateInterfaceAliases')) { [object]$__cmdletization_value = ${PrivateInterfaceAliases} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PrivateInterfaceAliases'; ParameterType = 'System.Management.Automation.WildcardPattern[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PrivateInterfaceAliases'; ParameterType = 'System.Management.Automation.WildcardPattern[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PublicV6Address')) { [object]$__cmdletization_value = ${PublicV6Address} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PublicV6Address'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PublicV6Address'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PrivateV6Address')) { [object]$__cmdletization_value = ${PrivateV6Address} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PrivateV6Address'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PrivateV6Address'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:CreateInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecDospSetting.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'New-NetIPsecDospSetting' -Alias '*' function Get-NetIPsecDospSetting { [CmdletBinding(DefaultParameterSetName='GetAll', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIPsecDoSPSetting')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('ElementName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecDospSetting.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetIPsecDospSetting' -Alias '*' function Set-NetIPsecDospSetting { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium', ScriptBlock ID: d0ceb981-1df3-444f-84be-1fa5ea968781 Path:	4104	1		3	2	15	0	348	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:44 PM	ca610e00-1c3c-0001-b210-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 5): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/standardcimv2/MSFT_NetIPsecDoSPSetting' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function New-NetIPsecDospSetting { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] param( [Parameter(ParameterSetName='cim:CreateInstance0', Mandatory=$true)] [string] ${Name}, [Parameter(ParameterSetName='cim:CreateInstance0')] [uint32] ${StateIdleTimeoutSeconds}, [Parameter(ParameterSetName='cim:CreateInstance0')] [uint32] ${PerIPRateLimitQueueIdleTimeoutSeconds}, [Parameter(ParameterSetName='cim:CreateInstance0')] [uint32] ${IpV6IPsecUnauthDscp}, [Parameter(ParameterSetName='cim:CreateInstance0')] [uint32] ${IpV6IPsecUnauthRateLimitBytesPerSec}, [Parameter(ParameterSetName='cim:CreateInstance0')] [uint32] ${IpV6IPsecUnauthPerIPRateLimitBytesPerSec}, [Parameter(ParameterSetName='cim:CreateInstance0')] [uint16] ${IpV6IPsecAuthDscp}, [Parameter(ParameterSetName='cim:CreateInstance0')] [uint32] ${IpV6IPsecAuthRateLimitBytesPerSec}, [Parameter(ParameterSetName='cim:CreateInstance0')] [uint16] ${IcmpV6Dscp}, [Parameter(ParameterSetName='cim:CreateInstance0')] [uint32] ${IcmpV6RateLimitBytesPerSec}, [Parameter(ParameterSetName='cim:CreateInstance0')] [uint32] ${IpV6FilterExemptDscp}, [Parameter(ParameterSetName='cim:CreateInstance0')] [uint32] ${IpV6FilterExemptRateLimitBytesPerSec}, [Parameter(ParameterSetName='cim:CreateInstance0')] [uint16] ${DefBlockExemptDscp}, [Parameter(ParameterSetName='cim:CreateInstance0')] [uint32] ${DefBlockExemptRateLimitBytesPerSec}, [Parameter(ParameterSetName='cim:CreateInstance0')] [uint32] ${MaxStateEntries}, [Parameter(ParameterSetName='cim:CreateInstance0')] [uint32] ${MaxPerIPRateLimitQueues}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.DospKeyModules] ${EnabledKeyingModules}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.DospFlags] ${FilteringFlags}, [Parameter(ParameterSetName='cim:CreateInstance0', Mandatory=$true)] [WildcardPattern[]] ${PublicInterfaceAliases}, [Parameter(ParameterSetName='cim:CreateInstance0', Mandatory=$true)] [WildcardPattern[]] ${PrivateInterfaceAliases}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${PublicV6Address}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${PrivateV6Address}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='cim:CreateInstance0')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='cim:CreateInstance0')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Name')) { [object]$__cmdletization_value = ${Name} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('StateIdleTimeoutSeconds')) { [object]$__cmdletization_value = ${StateIdleTimeoutSeconds} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'StateIdleTimeoutSeconds'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'StateIdleTimeoutSeconds'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PerIPRateLimitQueueIdleTimeoutSeconds')) { [object]$__cmdletization_value = ${PerIPRateLimitQueueIdleTimeoutSeconds} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PerIPRateLimitQueueIdleTimeoutSeconds'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PerIPRateLimitQueueIdleTimeoutSeconds'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IpV6IPsecUnauthDscp')) { [object]$__cmdletization_value = ${IpV6IPsecUnauthDscp} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6IPsecUnauthDscp'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6IPsecUnauthDscp'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IpV6IPsecUnauthRateLimitBytesPerSec')) { [object]$__cmdletization_value = ${IpV6IPsecUnauthRateLimitBytesPerSec} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6IPsecUnauthRateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6IPsecUnauthRateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IpV6IPsecUnauthPerIPRateLimitBytesPerSec')) { [object]$__cmdletization_value = ${IpV6IPsecUnauthPerIPRateLimitBytesPerSec} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6IPsecUnauthPerIPRateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6IPsecUnauthPerIPRateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IpV6IPsecAuthDscp')) { [object]$__cmdletization_value = ${IpV6IPsecAuthDscp} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6IPsecAuthDscp'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6IPsecAuthDscp'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IpV6IPsecAuthRateLimitBytesPerSec')) { [object]$__cmdletization_value = ${IpV6IPsecAuthRateLimitBytesPerSec} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6IPsecAuthRateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpV6IPsecAuthRateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IcmpV6Dscp')) { [object]$__cmdletization_value = ${IcmpV6Dscp} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IcmpV6Dscp'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IcmpV6Dscp'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IcmpV6RateLimitBytesPerSec')) { [object]$__cmdletization_value = ${IcmpV6RateLimitBytesPerSec} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IcmpV6RateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IcmpV6RateLimitBytesPerSec'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IpV6FilterExemptDscp')) { [object]$__cmdletization_value = ${IpV6FilterExemptDscp} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParam ScriptBlock ID: d0ceb981-1df3-444f-84be-1fa5ea968781 Path:	4104	1		3	2	15	0	347	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:44 PM	ca610e00-1c3c-0001-b210-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/standardcimv2/MSFT_NetSecDeltaCollection' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } ScriptBlock ID: b48ef7fc-4acf-4d02-9f08-c66ff76df27a Path:	4104	1		3	2	15	0	346	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:44 PM	ca610e00-1c3c-0001-b010-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisabledInterfaceAliases'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallProfile.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetFirewallProfile' -Alias '*' ScriptBlock ID: ab12b07a-e05b-43aa-ae9a-c17724cd61ea Path:	4104	1		3	2	15	0	345	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:44 PM	ca610e00-1c3c-0001-ac10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): SBoundParameters.ContainsKey('AllowLocalIPsecRules')) { [object]$__cmdletization_value = ${AllowLocalIPsecRules} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowLocalIPsecRules'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowLocalIPsecRules'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AllowUserApps')) { [object]$__cmdletization_value = ${AllowUserApps} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowUserApps'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowUserApps'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AllowUserPorts')) { [object]$__cmdletization_value = ${AllowUserPorts} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowUserPorts'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowUserPorts'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AllowUnicastResponseToMulticast')) { [object]$__cmdletization_value = ${AllowUnicastResponseToMulticast} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowUnicastResponseToMulticast'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowUnicastResponseToMulticast'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NotifyOnListen')) { [object]$__cmdletization_value = ${NotifyOnListen} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NotifyOnListen'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NotifyOnListen'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EnableStealthModeForIPsec')) { [object]$__cmdletization_value = ${EnableStealthModeForIPsec} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableStealthModeForIPsec'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableStealthModeForIPsec'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LogFileName')) { [object]$__cmdletization_value = ${LogFileName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LogFileName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LogFileName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LogMaxSizeKilobytes')) { [object]$__cmdletization_value = ${LogMaxSizeKilobytes} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LogMaxSizeKilobytes'; ParameterType = 'System.UInt64'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LogMaxSizeKilobytes'; ParameterType = 'System.UInt64'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LogAllowed')) { [object]$__cmdletization_value = ${LogAllowed} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LogAllowed'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LogAllowed'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LogBlocked')) { [object]$__cmdletization_value = ${LogBlocked} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LogBlocked'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LogBlocked'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LogIgnored')) { [object]$__cmdletization_value = ${LogIgnored} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LogIgnored'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LogIgnored'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisabledInterfaceAliases')) { [object]$__cmdletization_value = ${DisabledInterfaceAliases} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisabledInterfaceAliases'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} ScriptBlock ID: ab12b07a-e05b-43aa-ae9a-c17724cd61ea Path:	4104	1		3	2	15	0	344	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:44 PM	ca610e00-1c3c-0001-ac10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): ell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean] ${AllowLocalIPsecRules}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean] ${AllowUserApps}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean] ${AllowUserPorts}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean] ${AllowUnicastResponseToMulticast}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean] ${NotifyOnListen}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean] ${EnableStealthModeForIPsec}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${LogFileName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint64] ${LogMaxSizeKilobytes}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean] ${LogAllowed}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean] ${LogBlocked}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean] ${LogIgnored}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string[]] ${DisabledInterfaceAliases}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'GetAll', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Enabled')) { [object]$__cmdletization_value = ${Enabled} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DefaultInboundAction')) { [object]$__cmdletization_value = ${DefaultInboundAction} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DefaultInboundAction'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Action'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DefaultInboundAction'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Action'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DefaultOutboundAction')) { [object]$__cmdletization_value = ${DefaultOutboundAction} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DefaultOutboundAction'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Action'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DefaultOutboundAction'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Action'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AllowInboundRules')) { [object]$__cmdletization_value = ${AllowInboundRules} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowInboundRules'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowInboundRules'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AllowLocalFirewallRules')) { [object]$__cmdletization_value = ${AllowLocalFirewallRules} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowLocalFirewallRules'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowLocalFirewallRules'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($P ScriptBlock ID: ab12b07a-e05b-43aa-ae9a-c17724cd61ea Path:	4104	1		3	2	15	0	343	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:44 PM	ca610e00-1c3c-0001-ac10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/standardcimv2/MSFT_NetFirewallProfile' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetFirewallProfile { [CmdletBinding(DefaultParameterSetName='GetAll', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallProfile')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('Profile')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByAssociatedNetFirewallRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallRule}, [Parameter(ParameterSetName='ByAssociatedNetIPsecRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecRule}, [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetMainModeRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecMainModeRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallRule') -and (@('ByAssociatedNetFirewallRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallRule}, 'MSFT_NetFirewallRuleInProfile', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecRule') -and (@('ByAssociatedNetIPsecRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecRule}, 'MSFT_NetConSecRuleInProfile', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecMainModeRule') -and (@('ByAssociatedNetIPsecMainModeRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecMainModeRule}, 'MSFT_NetMainModeRuleInProfile', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByAssociatedNetFirewallRule', 'ByAssociatedNetIPsecRule', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByAssociatedNetFirewallRule', 'ByAssociatedNetIPsecRule', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallProfile.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetFirewallProfile' -Alias '*' function Set-NetFirewallProfile { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallProfile')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('Profile')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetFirewallProfile')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean] ${Enabled}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Action] ${DefaultInboundAction}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Action] ${DefaultOutboundAction}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean] ${AllowInboundRules}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean] ${AllowLocalFirewallRules}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerSh ScriptBlock ID: ab12b07a-e05b-43aa-ae9a-c17724cd61ea Path:	4104	1		3	2	15	0	342	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:44 PM	ca610e00-1c3c-0001-ac10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 5): ='ByQuery')] [Alias('PfsGroup')] [ValidateNotNull()] [Microsoft.Windows.Firewall.Commands.DiffieHellmanGroup[]] ${PerfectForwardSecrecyGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetIPsecRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetIKEQMCryptoSet')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewPolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewGPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PerfectForwardSecrecyGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PerfectForwardSecrecyGroup}) $__cmdletization_queryBuilder.FilterByProperty('PfsGroupID', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecRule') -and (@('ByAssociatedNetIPsecRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecRule}, 'MSFT_NetConSecRuleQMCryptoSet', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewPolicyStore')) { [object]$__cmdletization_value = ${NewPolicyStore} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewPolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewPolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewGPOSession')) { [object]$__cmdletization_value = ${NewGPOSession} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewGPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewGPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewName')) { [object]$__cmdletization_value = ${NewName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('CloneObject', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecQuickModeCryptoSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Copy-NetIPsecQuickModeCryptoSet' -Alias '*' ScriptBlock ID: 1093d509-8488-472e-8e06-fb64eac88b3b Path:	4104	1		3	2	15	0	341	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:43 PM	ca610e00-1c3c-0004-c30f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 5): ') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecQuickModeCryptoSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Remove-NetIPsecQuickModeCryptoSet' -Alias '*' function Rename-NetIPsecQuickModeCryptoSet { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEQMCryptoSet')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [Alias('PfsGroup')] [ValidateNotNull()] [Microsoft.Windows.Firewall.Commands.DiffieHellmanGroup[]] ${PerfectForwardSecrecyGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetIPsecRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetIKEQMCryptoSet')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName', Mandatory=$true)] [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [Parameter(ParameterSetName='ByQuery', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule', Mandatory=$true)] [Parameter(ParameterSetName='GetAll', Mandatory=$true)] [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true)] [string] ${NewName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PerfectForwardSecrecyGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PerfectForwardSecrecyGroup}) $__cmdletization_queryBuilder.FilterByProperty('PfsGroupID', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecRule') -and (@('ByAssociatedNetIPsecRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecRule}, 'MSFT_NetConSecRuleQMCryptoSet', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewName')) { [object]$__cmdletization_value = ${NewName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Rename', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecQuickModeCryptoSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Rename-NetIPsecQuickModeCryptoSet' -Alias '*' function Copy-NetIPsecQuickModeCryptoSet { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEQMCryptoSet')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName ScriptBlock ID: 1093d509-8488-472e-8e06-fb64eac88b3b Path:	4104	1		3	2	15	0	340	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:43 PM	ca610e00-1c3c-0004-c30f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 5): = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Description')) { [object]$__cmdletization_value = ${Description} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Proposal')) { [object]$__cmdletization_value = ${Proposal} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Proposals'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Proposals'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PerfectForwardSecrecyGroup')) { [object]$__cmdletization_value = ${PerfectForwardSecrecyGroup} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PfsGroupID'; ParameterType = 'Microsoft.Windows.Firewall.Commands.DiffieHellmanGroup'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PfsGroupID'; ParameterType = 'Microsoft.Windows.Firewall.Commands.DiffieHellmanGroup'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecQuickModeCryptoSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetIPsecQuickModeCryptoSet' -Alias '*' function Remove-NetIPsecQuickModeCryptoSet { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEQMCryptoSet')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [Alias('PfsGroup')] [ValidateNotNull()] [Microsoft.Windows.Firewall.Commands.DiffieHellmanGroup[]] ${PerfectForwardSecrecyGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetIPsecRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetIKEQMCryptoSet')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PerfectForwardSecrecyGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PerfectForwardSecrecyGroup}) $__cmdletization_queryBuilder.FilterByProperty('PfsGroupID', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecRule') -and (@('ByAssociatedNetIPsecRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecRule}, 'MSFT_NetConSecRuleQMCryptoSet', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll', 'InputObject (cdxml)') -contains $_ } { $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:DeleteInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru ScriptBlock ID: 1093d509-8488-472e-8e06-fb64eac88b3b Path:	4104	1		3	2	15	0	339	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:43 PM	ca610e00-1c3c-0004-c30f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 5): terSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PerfectForwardSecrecyGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PerfectForwardSecrecyGroup}) $__cmdletization_queryBuilder.FilterByProperty('PfsGroupID', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecRule') -and (@('ByAssociatedNetIPsecRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecRule}, 'MSFT_NetConSecRuleQMCryptoSet', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecQuickModeCryptoSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetIPsecQuickModeCryptoSet' -Alias '*' function Set-NetIPsecQuickModeCryptoSet { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEQMCryptoSet')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByDisplayGroup', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByGroup', Mandatory=$true)] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [string] ${GPOSession}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetIKEQMCryptoSet')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewDisplayName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${Description}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ciminstance[]] ${Proposal}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('PfsGroup')] [Microsoft.Windows.Firewall.Commands.DiffieHellmanGroup] ${PerfectForwardSecrecyGroup}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByDisplayGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByDisplayGroup', 'ByGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByDisplayGroup', 'ByGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByDisplayGroup', 'ByGroup', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewDisplayName')) { [object]$__cmdletization_value = ${NewDisplayName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType ScriptBlock ID: 1093d509-8488-472e-8e06-fb64eac88b3b Path:	4104	1		3	2	15	0	338	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:43 PM	ca610e00-1c3c-0004-c30f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 5): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/standardcimv2/MSFT_NetIKEQMCryptoSet' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function New-NetIPsecQuickModeCryptoSet { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] param( [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${PolicyStore}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${GPOSession}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Alias('ID')] [string] ${Name}, [Parameter(ParameterSetName='cim:CreateInstance0', Mandatory=$true)] [string] ${DisplayName}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${Description}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${Group}, [Parameter(ParameterSetName='cim:CreateInstance0', Mandatory=$true)] [ciminstance[]] ${Proposal}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Alias('PfsGroup')] [Microsoft.Windows.Firewall.Commands.DiffieHellmanGroup] ${PerfectForwardSecrecyGroup}, [Parameter(ParameterSetName='cim:CreateInstance0')] [switch] ${Default}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='cim:CreateInstance0')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='cim:CreateInstance0')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PolicyStore')) { [object]$__cmdletization_value = ${PolicyStore} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('GPOSession')) { [object]$__cmdletization_value = ${GPOSession} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:GPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:GPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Name')) { [object]$__cmdletization_value = ${Name} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InstanceID'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InstanceID'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisplayName')) { [object]$__cmdletization_value = ${DisplayName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Description')) { [object]$__cmdletization_value = ${Description} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Group')) { [object]$__cmdletization_value = ${Group} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RuleGroup'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RuleGroup'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Proposal')) { [object]$__cmdletization_value = ${Proposal} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Proposals'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Proposals'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PerfectForwardSecrecyGroup')) { [object]$__cmdletization_value = ${PerfectForwardSecrecyGroup} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PfsGroupID'; ParameterType = 'Microsoft.Windows.Firewall.Commands.DiffieHellmanGroup'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PfsGroupID'; ParameterType = 'Microsoft.Windows.Firewall.Commands.DiffieHellmanGroup'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Default')) { [object]$__cmdletization_value = ${Default} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Default'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Default'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:CreateInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecQuickModeCryptoSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'New-NetIPsecQuickModeCryptoSet' -Alias '*' function Get-NetIPsecQuickModeCryptoSet { [CmdletBinding(DefaultParameterSetName='GetAll', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEQMCryptoSet')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [Alias('PfsGroup')] [ValidateNotNull()] [Microsoft.Windows.Firewall.Commands.DiffieHellmanGroup[]] ${PerfectForwardSecrecyGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetIPsecRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(Parame ScriptBlock ID: 1093d509-8488-472e-8e06-fb64eac88b3b Path:	4104	1		3	2	15	0	337	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:43 PM	ca610e00-1c3c-0004-c30f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 5): Query')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('MaxMinutes') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MaxMinutes}) $__cmdletization_queryBuilder.FilterByProperty('MaxLifetimeMinutes', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('MaxSessions') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MaxSessions}) $__cmdletization_queryBuilder.FilterByProperty('MaxLifetimeSessions', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('ForceDiffieHellman') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ForceDiffieHellman}) $__cmdletization_queryBuilder.FilterByProperty('ForceDiffieHellman', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecMainModeRule') -and (@('ByAssociatedNetIPsecMainModeRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecMainModeRule}, 'MSFT_NetMainModeRuleMMCryptoSet', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecMainModeRule', 'GetAll', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewPolicyStore')) { [object]$__cmdletization_value = ${NewPolicyStore} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewPolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewPolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewGPOSession')) { [object]$__cmdletization_value = ${NewGPOSession} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewGPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewGPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewName')) { [object]$__cmdletization_value = ${NewName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('CloneObject', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecMainModeCryptoSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Copy-NetIPsecMainModeCryptoSet' -Alias '*' ScriptBlock ID: 1d946c30-8db1-4e3b-bdcf-532ccdb07f34 Path:	4104	1		3	2	15	0	336	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:43 PM	ca610e00-1c3c-0000-8810-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 5): [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [uint32[]] ${MaxMinutes}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [uint32[]] ${MaxSessions}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${ForceDiffieHellman}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetMainModeRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecMainModeRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetIKEMMCryptoSet')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName', Mandatory=$true)] [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [Parameter(ParameterSetName='ByQuery', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule', Mandatory=$true)] [Parameter(ParameterSetName='GetAll', Mandatory=$true)] [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true)] [string] ${NewName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('MaxMinutes') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MaxMinutes}) $__cmdletization_queryBuilder.FilterByProperty('MaxLifetimeMinutes', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('MaxSessions') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MaxSessions}) $__cmdletization_queryBuilder.FilterByProperty('MaxLifetimeSessions', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('ForceDiffieHellman') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ForceDiffieHellman}) $__cmdletization_queryBuilder.FilterByProperty('ForceDiffieHellman', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecMainModeRule') -and (@('ByAssociatedNetIPsecMainModeRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecMainModeRule}, 'MSFT_NetMainModeRuleMMCryptoSet', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecMainModeRule', 'GetAll', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewName')) { [object]$__cmdletization_value = ${NewName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Rename', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecMainModeCryptoSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Rename-NetIPsecMainModeCryptoSet' -Alias '*' function Copy-NetIPsecMainModeCryptoSet { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEMMCryptoSet')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [uint32[]] ${MaxMinutes}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [uint32[]] ${MaxSessions}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${ForceDiffieHellman}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetMainModeRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecMainModeRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetIKEMMCryptoSet')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewPolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewGPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='By ScriptBlock ID: 1d946c30-8db1-4e3b-bdcf-532ccdb07f34 Path:	4104	1		3	2	15	0	335	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:43 PM	ca610e00-1c3c-0000-8810-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 5): ization.MethodParameter]@{Name = 'Proposals'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MaxMinutes')) { [object]$__cmdletization_value = ${MaxMinutes} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxLifetimeMinutes'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxLifetimeMinutes'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MaxSessions')) { [object]$__cmdletization_value = ${MaxSessions} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxLifetimeSessions'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxLifetimeSessions'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ForceDiffieHellman')) { [object]$__cmdletization_value = ${ForceDiffieHellman} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ForceDiffieHellman'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ForceDiffieHellman'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecMainModeCryptoSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetIPsecMainModeCryptoSet' -Alias '*' function Remove-NetIPsecMainModeCryptoSet { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEMMCryptoSet')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [uint32[]] ${MaxMinutes}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [uint32[]] ${MaxSessions}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${ForceDiffieHellman}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetMainModeRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecMainModeRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetIKEMMCryptoSet')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('MaxMinutes') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MaxMinutes}) $__cmdletization_queryBuilder.FilterByProperty('MaxLifetimeMinutes', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('MaxSessions') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MaxSessions}) $__cmdletization_queryBuilder.FilterByProperty('MaxLifetimeSessions', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('ForceDiffieHellman') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ForceDiffieHellman}) $__cmdletization_queryBuilder.FilterByProperty('ForceDiffieHellman', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecMainModeRule') -and (@('ByAssociatedNetIPsecMainModeRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecMainModeRule}, 'MSFT_NetMainModeRuleMMCryptoSet', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecMainModeRule', 'GetAll', 'InputObject (cdxml)') -contains $_ } { $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:DeleteInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecMainModeCryptoSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Remove-NetIPsecMainModeCryptoSet' -Alias '*' function Rename-NetIPsecMainModeCryptoSet { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEMMCryptoSet')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] ScriptBlock ID: 1d946c30-8db1-4e3b-bdcf-532ccdb07f34 Path:	4104	1		3	2	15	0	334	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:43 PM	ca610e00-1c3c-0000-8810-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 5): e')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('MaxMinutes') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MaxMinutes}) $__cmdletization_queryBuilder.FilterByProperty('MaxLifetimeMinutes', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('MaxSessions') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MaxSessions}) $__cmdletization_queryBuilder.FilterByProperty('MaxLifetimeSessions', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('ForceDiffieHellman') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ForceDiffieHellman}) $__cmdletization_queryBuilder.FilterByProperty('ForceDiffieHellman', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecMainModeRule') -and (@('ByAssociatedNetIPsecMainModeRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecMainModeRule}, 'MSFT_NetMainModeRuleMMCryptoSet', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecMainModeCryptoSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetIPsecMainModeCryptoSet' -Alias '*' function Set-NetIPsecMainModeCryptoSet { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEMMCryptoSet')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByDisplayGroup', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByGroup', Mandatory=$true)] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [string] ${GPOSession}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetIKEMMCryptoSet')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewDisplayName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${Description}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ciminstance[]] ${Proposal}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint32] ${MaxMinutes}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint32] ${MaxSessions}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [bool] ${ForceDiffieHellman}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByDisplayGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByDisplayGroup', 'ByGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByDisplayGroup', 'ByGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByDisplayGroup', 'ByGroup', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewDisplayName')) { [object]$__cmdletization_value = ${NewDisplayName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Description')) { [object]$__cmdletization_value = ${Description} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Proposal')) { [object]$__cmdletization_value = ${Proposal} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Proposals'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdlet ScriptBlock ID: 1d946c30-8db1-4e3b-bdcf-532ccdb07f34 Path:	4104	1		3	2	15	0	333	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:43 PM	ca610e00-1c3c-0000-8810-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 5): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/standardcimv2/MSFT_NetIKEMMCryptoSet' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function New-NetIPsecMainModeCryptoSet { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] param( [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${PolicyStore}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${GPOSession}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Alias('ID')] [string] ${Name}, [Parameter(ParameterSetName='cim:CreateInstance0', Mandatory=$true)] [string] ${DisplayName}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${Description}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${Group}, [Parameter(ParameterSetName='cim:CreateInstance0', Mandatory=$true)] [ciminstance[]] ${Proposal}, [Parameter(ParameterSetName='cim:CreateInstance0')] [uint32] ${MaxMinutes}, [Parameter(ParameterSetName='cim:CreateInstance0')] [uint32] ${MaxSessions}, [Parameter(ParameterSetName='cim:CreateInstance0')] [bool] ${ForceDiffieHellman}, [Parameter(ParameterSetName='cim:CreateInstance0')] [switch] ${Default}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='cim:CreateInstance0')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='cim:CreateInstance0')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PolicyStore')) { [object]$__cmdletization_value = ${PolicyStore} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('GPOSession')) { [object]$__cmdletization_value = ${GPOSession} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:GPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:GPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Name')) { [object]$__cmdletization_value = ${Name} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InstanceID'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InstanceID'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisplayName')) { [object]$__cmdletization_value = ${DisplayName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Description')) { [object]$__cmdletization_value = ${Description} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Group')) { [object]$__cmdletization_value = ${Group} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RuleGroup'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RuleGroup'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Proposal')) { [object]$__cmdletization_value = ${Proposal} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Proposals'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Proposals'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MaxMinutes')) { [object]$__cmdletization_value = ${MaxMinutes} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxLifetimeMinutes'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxLifetimeMinutes'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MaxSessions')) { [object]$__cmdletization_value = ${MaxSessions} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxLifetimeSessions'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxLifetimeSessions'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ForceDiffieHellman')) { [object]$__cmdletization_value = ${ForceDiffieHellman} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ForceDiffieHellman'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ForceDiffieHellman'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Default')) { [object]$__cmdletization_value = ${Default} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Default'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Default'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:CreateInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecMainModeCryptoSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'New-NetIPsecMainModeCryptoSet' -Alias '*' function Get-NetIPsecMainModeCryptoSet { [CmdletBinding(DefaultParameterSetName='GetAll', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEMMCryptoSet')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [uint32[]] ${MaxMinutes}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [uint32[]] ${MaxSessions}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${ForceDiffieHellman}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetMainModeRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecMainModeRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='ByNam ScriptBlock ID: 1d946c30-8db1-4e3b-bdcf-532ccdb07f34 Path:	4104	1		3	2	15	0	332	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:43 PM	ca610e00-1c3c-0000-8810-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 5): _methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewPolicyStore')) { [object]$__cmdletization_value = ${NewPolicyStore} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewPolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewPolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewGPOSession')) { [object]$__cmdletization_value = ${NewGPOSession} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewGPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewGPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewName')) { [object]$__cmdletization_value = ${NewName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('CloneObject', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecPhase2AuthSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Copy-NetIPsecPhase2AuthSet' -Alias '*' ScriptBlock ID: 3b3cc96e-ccf2-449c-a4fb-a3f85c2f6475 Path:	4104	1		3	2	15	0	331	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:43 PM	ca610e00-1c3c-0002-bf10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 5): __cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecRule') -and (@('ByAssociatedNetIPsecRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecRule}, 'MSFT_NetConSecRuleEMAuthSet', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewName')) { [object]$__cmdletization_value = ${NewName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Rename', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecPhase2AuthSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Rename-NetIPsecPhase2AuthSet' -Alias '*' function Copy-NetIPsecPhase2AuthSet { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP2AuthSet')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetIPsecRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetIKEP2AuthSet')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewPolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewGPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecRule') -and (@('ByAssociatedNetIPsecRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecRule}, 'MSFT_NetConSecRuleEMAuthSet', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization ScriptBlock ID: 3b3cc96e-ccf2-449c-a4fb-a3f85c2f6475 Path:	4104	1		3	2	15	0	330	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:43 PM	ca610e00-1c3c-0002-bf10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 5): ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetIPsecRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetIKEP2AuthSet')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecRule') -and (@('ByAssociatedNetIPsecRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecRule}, 'MSFT_NetConSecRuleEMAuthSet', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll', 'InputObject (cdxml)') -contains $_ } { $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:DeleteInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecPhase2AuthSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Remove-NetIPsecPhase2AuthSet' -Alias '*' function Rename-NetIPsecPhase2AuthSet { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP2AuthSet')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetIPsecRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetIKEP2AuthSet')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName', Mandatory=$true)] [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [Parameter(ParameterSetName='ByQuery', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule', Mandatory=$true)] [Parameter(ParameterSetName='GetAll', Mandatory=$true)] [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true)] [string] ${NewName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $ ScriptBlock ID: 3b3cc96e-ccf2-449c-a4fb-a3f85c2f6475 Path:	4104	1		3	2	15	0	329	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:43 PM	ca610e00-1c3c-0002-bf10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 5): $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecRule') -and (@('ByAssociatedNetIPsecRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecRule}, 'MSFT_NetConSecRuleEMAuthSet', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecPhase2AuthSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetIPsecPhase2AuthSet' -Alias '*' function Set-NetIPsecPhase2AuthSet { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP2AuthSet')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByDisplayGroup', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByGroup', Mandatory=$true)] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [string] ${GPOSession}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetIKEP2AuthSet')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewDisplayName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${Description}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ciminstance[]] ${Proposal}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByDisplayGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByDisplayGroup', 'ByGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByDisplayGroup', 'ByGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByDisplayGroup', 'ByGroup', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewDisplayName')) { [object]$__cmdletization_value = ${NewDisplayName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Description')) { [object]$__cmdletization_value = ${Description} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Proposal')) { [object]$__cmdletization_value = ${Proposal} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Proposals'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Proposals'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecPhase2AuthSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetIPsecPhase2AuthSet' -Alias '*' function Remove-NetIPsecPhase2AuthSet { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP2AuthSet')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ScriptBlock ID: 3b3cc96e-ccf2-449c-a4fb-a3f85c2f6475 Path:	4104	1		3	2	15	0	328	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:43 PM	ca610e00-1c3c-0002-bf10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 5): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/standardcimv2/MSFT_NetIKEP2AuthSet' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function New-NetIPsecPhase2AuthSet { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] param( [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${PolicyStore}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${GPOSession}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Alias('ID')] [string] ${Name}, [Parameter(ParameterSetName='cim:CreateInstance0', Mandatory=$true)] [string] ${DisplayName}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${Description}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${Group}, [Parameter(ParameterSetName='cim:CreateInstance0', Mandatory=$true)] [ciminstance[]] ${Proposal}, [Parameter(ParameterSetName='cim:CreateInstance0')] [switch] ${Default}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='cim:CreateInstance0')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='cim:CreateInstance0')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PolicyStore')) { [object]$__cmdletization_value = ${PolicyStore} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('GPOSession')) { [object]$__cmdletization_value = ${GPOSession} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:GPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:GPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Name')) { [object]$__cmdletization_value = ${Name} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InstanceID'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InstanceID'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisplayName')) { [object]$__cmdletization_value = ${DisplayName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Description')) { [object]$__cmdletization_value = ${Description} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Group')) { [object]$__cmdletization_value = ${Group} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RuleGroup'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RuleGroup'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Proposal')) { [object]$__cmdletization_value = ${Proposal} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Proposals'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Proposals'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Default')) { [object]$__cmdletization_value = ${Default} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Default'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Default'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:CreateInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecPhase2AuthSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'New-NetIPsecPhase2AuthSet' -Alias '*' function Get-NetIPsecPhase2AuthSet { [CmdletBinding(DefaultParameterSetName='GetAll', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP2AuthSet')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetIPsecRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { ScriptBlock ID: 3b3cc96e-ccf2-449c-a4fb-a3f85c2f6475 Path:	4104	1		3	2	15	0	327	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:43 PM	ca610e00-1c3c-0002-bf10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (6 of 6): me='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecRule') -and (@('ByAssociatedNetIPsecRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecRule}, 'MSFT_NetConSecRuleMMAuthSet', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecMainModeRule') -and (@('ByAssociatedNetIPsecMainModeRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecMainModeRule}, 'MSFT_NetMainModeRuleMMAuthSet', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'ByAssociatedNetIPsecMainModeRule', 'GetAll', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewPolicyStore')) { [object]$__cmdletization_value = ${NewPolicyStore} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewPolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewPolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewGPOSession')) { [object]$__cmdletization_value = ${NewGPOSession} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewGPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewGPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewName')) { [object]$__cmdletization_value = ${NewName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('CloneObject', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecPhase1AuthSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Copy-NetIPsecPhase1AuthSet' -Alias '*' ScriptBlock ID: 9f948ca5-3eb9-49a0-98cd-8c4fa8445b71 Path:	4104	1		3	2	15	0	326	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:43 PM	ca610e00-1c3c-0000-8010-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 6): try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecRule') -and (@('ByAssociatedNetIPsecRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecRule}, 'MSFT_NetConSecRuleMMAuthSet', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecMainModeRule') -and (@('ByAssociatedNetIPsecMainModeRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecMainModeRule}, 'MSFT_NetMainModeRuleMMAuthSet', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'ByAssociatedNetIPsecMainModeRule', 'GetAll', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewName')) { [object]$__cmdletization_value = ${NewName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Rename', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecPhase1AuthSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Rename-NetIPsecPhase1AuthSet' -Alias '*' function Copy-NetIPsecPhase1AuthSet { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP1AuthSet')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetIPsecRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecRule}, [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetMainModeRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecMainModeRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetIKEP1AuthSet')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewPolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewGPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetNa ScriptBlock ID: 9f948ca5-3eb9-49a0-98cd-8c4fa8445b71 Path:	4104	1		3	2	15	0	325	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:43 PM	ca610e00-1c3c-0000-8010-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 6): er::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecRule') -and (@('ByAssociatedNetIPsecRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecRule}, 'MSFT_NetConSecRuleMMAuthSet', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecMainModeRule') -and (@('ByAssociatedNetIPsecMainModeRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecMainModeRule}, 'MSFT_NetMainModeRuleMMAuthSet', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'ByAssociatedNetIPsecMainModeRule', 'GetAll', 'InputObject (cdxml)') -contains $_ } { $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:DeleteInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecPhase1AuthSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Remove-NetIPsecPhase1AuthSet' -Alias '*' function Rename-NetIPsecPhase1AuthSet { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP1AuthSet')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetIPsecRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecRule}, [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetMainModeRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecMainModeRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetIKEP1AuthSet')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName', Mandatory=$true)] [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [Parameter(ParameterSetName='ByQuery', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule', Mandatory=$true)] [Parameter(ParameterSetName='GetAll', Mandatory=$true)] [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true)] [string] ${NewName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { ScriptBlock ID: 9f948ca5-3eb9-49a0-98cd-8c4fa8445b71 Path:	4104	1		3	2	15	0	324	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:43 PM	ca610e00-1c3c-0000-8010-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 6): }, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByDisplayGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByDisplayGroup', 'ByGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByDisplayGroup', 'ByGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByDisplayGroup', 'ByGroup', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewDisplayName')) { [object]$__cmdletization_value = ${NewDisplayName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Description')) { [object]$__cmdletization_value = ${Description} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Proposal')) { [object]$__cmdletization_value = ${Proposal} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Proposals'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Proposals'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecPhase1AuthSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetIPsecPhase1AuthSet' -Alias '*' function Remove-NetIPsecPhase1AuthSet { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP1AuthSet')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetIPsecRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecRule}, [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetMainModeRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecMainModeRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetIKEP1AuthSet')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapp ScriptBlock ID: 9f948ca5-3eb9-49a0-98cd-8c4fa8445b71 Path:	4104	1		3	2	15	0	323	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:43 PM	ca610e00-1c3c-0000-8010-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 6): ryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetIPsecRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecRule}, [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetMainModeRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecMainModeRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecRule') -and (@('ByAssociatedNetIPsecRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecRule}, 'MSFT_NetConSecRuleMMAuthSet', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecMainModeRule') -and (@('ByAssociatedNetIPsecMainModeRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecMainModeRule}, 'MSFT_NetMainModeRuleMMAuthSet', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetIPsecRule', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecPhase1AuthSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetIPsecPhase1AuthSet' -Alias '*' function Set-NetIPsecPhase1AuthSet { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP1AuthSet')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByDisplayGroup', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByGroup', Mandatory=$true)] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [string] ${GPOSession}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetIKEP1AuthSet')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewDisplayName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${Description}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ciminstance[]] ${Proposal}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob ScriptBlock ID: 9f948ca5-3eb9-49a0-98cd-8c4fa8445b71 Path:	4104	1		3	2	15	0	322	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:43 PM	ca610e00-1c3c-0000-8010-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 6): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/standardcimv2/MSFT_NetIKEP1AuthSet' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function New-NetIPsecPhase1AuthSet { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] param( [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${PolicyStore}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${GPOSession}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Alias('ID')] [string] ${Name}, [Parameter(ParameterSetName='cim:CreateInstance0', Mandatory=$true)] [string] ${DisplayName}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${Description}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${Group}, [Parameter(ParameterSetName='cim:CreateInstance0', Mandatory=$true)] [ciminstance[]] ${Proposal}, [Parameter(ParameterSetName='cim:CreateInstance0')] [switch] ${Default}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='cim:CreateInstance0')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='cim:CreateInstance0')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PolicyStore')) { [object]$__cmdletization_value = ${PolicyStore} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('GPOSession')) { [object]$__cmdletization_value = ${GPOSession} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:GPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:GPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Name')) { [object]$__cmdletization_value = ${Name} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InstanceID'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InstanceID'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisplayName')) { [object]$__cmdletization_value = ${DisplayName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Description')) { [object]$__cmdletization_value = ${Description} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Group')) { [object]$__cmdletization_value = ${Group} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RuleGroup'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RuleGroup'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Proposal')) { [object]$__cmdletization_value = ${Proposal} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Proposals'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Proposals'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Default')) { [object]$__cmdletization_value = ${Default} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Default'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Default'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:CreateInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecPhase1AuthSet.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'New-NetIPsecPhase1AuthSet' -Alias '*' function Get-NetIPsecPhase1AuthSet { [CmdletBinding(DefaultParameterSetName='GetAll', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP1AuthSet')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Prima ScriptBlock ID: 9f948ca5-3eb9-49a0-98cd-8c4fa8445b71 Path:	4104	1		3	2	15	0	321	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:43 PM	ca610e00-1c3c-0000-8010-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/standardcimv2/MSFT_NetServiceFilter' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetFirewallServiceFilter { [CmdletBinding(DefaultParameterSetName='GetAll', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetServiceFilter')] param( [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Service}, [Parameter(ParameterSetName='ByAssociatedNetFirewallRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='GetAll')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='GetAll')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Service') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Service}) $__cmdletization_queryBuilder.FilterByProperty('ServiceName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallRule') -and (@('ByAssociatedNetFirewallRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallRule}, 'MSFT_NetFirewallRuleFilterByService', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByQuery', 'ByAssociatedNetFirewallRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByQuery', 'ByAssociatedNetFirewallRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallServiceFilter.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetFirewallServiceFilter' -Alias '*' function Set-NetFirewallServiceFilter { [CmdletBinding(DefaultParameterSetName='Query (cdxml)', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetServiceFilter')] param( [Parameter(ParameterSetName='Query (cdxml)')] [string] ${PolicyStore}, [Parameter(ParameterSetName='Query (cdxml)')] [string] ${GPOSession}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetServiceFilter')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${Service}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('Query (cdxml)', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Service')) { [object]$__cmdletization_value = ${Service} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ServiceName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ServiceName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallServiceFilter.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetFirewallServiceFilter' -Alias '*' ScriptBlock ID: d46d987a-52a2-4024-bbf0-2d317e988c9a Path:	4104	1		3	2	15	0	320	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:43 PM	ca610e00-1c3c-0000-7c10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/standardcimv2/MSFT_NetProtocolPortFilter' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetFirewallPortFilter { [CmdletBinding(DefaultParameterSetName='GetAll', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetProtocolPortFilter')] param( [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Protocol}, [Parameter(ParameterSetName='ByQuery')] [Alias('DynamicTransport')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.DynamicTransport[]] ${DynamicTarget}, [Parameter(ParameterSetName='ByAssociatedNetFirewallRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallRule}, [Parameter(ParameterSetName='ByAssociatedNetIPsecRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Protocol') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Protocol}) $__cmdletization_queryBuilder.FilterByProperty('Protocol', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DynamicTarget') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DynamicTarget}) $__cmdletization_queryBuilder.FilterByProperty('DynamicTransport', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallRule') -and (@('ByAssociatedNetFirewallRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallRule}, 'MSFT_NetFirewallRuleFilterByProtocolPort', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecRule') -and (@('ByAssociatedNetIPsecRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecRule}, 'MSFT_NetConSecRuleFilterByProtocolPort', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByQuery', 'ByAssociatedNetFirewallRule', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByQuery', 'ByAssociatedNetFirewallRule', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallPortFilter.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetFirewallPortFilter' -Alias '*' function Set-NetFirewallPortFilter { [CmdletBinding(DefaultParameterSetName='Query (cdxml)', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetProtocolPortFilter')] param( [Parameter(ParameterSetName='Query (cdxml)')] [string] ${PolicyStore}, [Parameter(ParameterSetName='Query (cdxml)')] [string] ${GPOSession}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetProtocolPortFilter')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${Protocol}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string[]] ${LocalPort}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string[]] ${RemotePort}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string[]] ${IcmpType}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('DynamicTransport')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.DynamicTransport] ${DynamicTarget}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('Query (cdxml)', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Protocol')) { [object]$__cmdletization_value = ${Protocol} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Protocol'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Protocol'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LocalPort')) { [object]$__cmdletization_value = ${LocalPort} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LocalPort'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LocalPort'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemotePort')) { [object]$__cmdletization_value = ${RemotePort} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemotePort'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemotePort'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IcmpType')) { [object]$__cmdletization_value = ${IcmpType} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IcmpType'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IcmpType'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DynamicTarget')) { [object]$__cmdletization_value = ${DynamicTarget} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DynamicTransport'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.DynamicTransport'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DynamicTransport'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.DynamicTransport'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallPortFilter.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetFirewallPortFilter' -Alias '*' ScriptBlock ID: d2d5ee3a-6e11-4d3a-b997-9708b14d3b28 Path:	4104	1		3	2	15	0	319	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:43 PM	ca610e00-1c3c-0001-a410-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): Key('Encryption')) { [object]$__cmdletization_value = ${Encryption} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Encryption'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Encryption'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Encryption'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Encryption'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('OverrideBlockRules')) { [object]$__cmdletization_value = ${OverrideBlockRules} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'OverrideBlockRules'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'OverrideBlockRules'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LocalUser')) { [object]$__cmdletization_value = ${LocalUser} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LocalUsers'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LocalUsers'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemoteUser')) { [object]$__cmdletization_value = ${RemoteUser} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteUsers'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteUsers'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemoteMachine')) { [object]$__cmdletization_value = ${RemoteMachine} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteMachines'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteMachines'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallSecurityFilter.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetFirewallSecurityFilter' -Alias '*' ScriptBlock ID: 84dc9676-9e67-40e0-aff5-c6b38ab8d192 Path:	4104	1		3	2	15	0	318	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:43 PM	ca610e00-1c3c-0000-7810-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/standardcimv2/MSFT_NetNetworkLayerSecurityFilter' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetFirewallSecurityFilter { [CmdletBinding(DefaultParameterSetName='GetAll', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetNetworkLayerSecurityFilter')] param( [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Authentication[]] ${Authentication}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Encryption[]] ${Encryption}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${OverrideBlockRules}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${LocalUser}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${RemoteUser}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${RemoteMachine}, [Parameter(ParameterSetName='ByAssociatedNetFirewallRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='GetAll')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='GetAll')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Authentication') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Authentication}) $__cmdletization_queryBuilder.FilterByProperty('Authentication', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Encryption') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Encryption}) $__cmdletization_queryBuilder.FilterByProperty('Encryption', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('OverrideBlockRules') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${OverrideBlockRules}) $__cmdletization_queryBuilder.FilterByProperty('OverrideBlockRules', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('LocalUser') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${LocalUser}) $__cmdletization_queryBuilder.FilterByProperty('LocalUsers', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('RemoteUser') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RemoteUser}) $__cmdletization_queryBuilder.FilterByProperty('RemoteUsers', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('RemoteMachine') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RemoteMachine}) $__cmdletization_queryBuilder.FilterByProperty('RemoteMachines', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallRule') -and (@('ByAssociatedNetFirewallRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallRule}, 'MSFT_NetFirewallRuleFilterBySecurity', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByQuery', 'ByAssociatedNetFirewallRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByQuery', 'ByAssociatedNetFirewallRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallSecurityFilter.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetFirewallSecurityFilter' -Alias '*' function Set-NetFirewallSecurityFilter { [CmdletBinding(DefaultParameterSetName='Query (cdxml)', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetNetworkLayerSecurityFilter')] param( [Parameter(ParameterSetName='Query (cdxml)')] [string] ${PolicyStore}, [Parameter(ParameterSetName='Query (cdxml)')] [string] ${GPOSession}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetNetworkLayerSecurityFilter')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Authentication] ${Authentication}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Encryption] ${Encryption}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [bool] ${OverrideBlockRules}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${LocalUser}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${RemoteUser}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${RemoteMachine}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('Query (cdxml)', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Authentication')) { [object]$__cmdletization_value = ${Authentication} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Authentication'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Authentication'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Authentication'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Authentication'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.Contains ScriptBlock ID: 84dc9676-9e67-40e0-aff5-c6b38ab8d192 Path:	4104	1		3	2	15	0	317	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:43 PM	ca610e00-1c3c-0000-7810-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/standardcimv2/MSFT_NetInterfaceTypeFilter' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetFirewallInterfaceTypeFilter { [CmdletBinding(DefaultParameterSetName='GetAll', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceTypeFilter')] param( [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.InterfaceType[]] ${InterfaceType}, [Parameter(ParameterSetName='ByAssociatedNetFirewallRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallRule}, [Parameter(ParameterSetName='ByAssociatedNetIPsecRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('InterfaceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceType}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallRule') -and (@('ByAssociatedNetFirewallRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallRule}, 'MSFT_NetFirewallRuleFilterByInterfaceType', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecRule') -and (@('ByAssociatedNetIPsecRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecRule}, 'MSFT_NetConSecRuleFilterByInterfaceType', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByQuery', 'ByAssociatedNetFirewallRule', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByQuery', 'ByAssociatedNetFirewallRule', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallInterfaceTypeFilter.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetFirewallInterfaceTypeFilter' -Alias '*' function Set-NetFirewallInterfaceTypeFilter { [CmdletBinding(DefaultParameterSetName='Query (cdxml)', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceTypeFilter')] param( [Parameter(ParameterSetName='Query (cdxml)')] [string] ${PolicyStore}, [Parameter(ParameterSetName='Query (cdxml)')] [string] ${GPOSession}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetInterfaceTypeFilter')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.InterfaceType] ${InterfaceType}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('Query (cdxml)', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('InterfaceType')) { [object]$__cmdletization_value = ${InterfaceType} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InterfaceType'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.InterfaceType'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InterfaceType'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.InterfaceType'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallInterfaceTypeFilter.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetFirewallInterfaceTypeFilter' -Alias '*' ScriptBlock ID: bd4875c9-ab71-4984-8c00-43131c0ea91c Path:	4104	1		3	2	15	0	316	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:43 PM	ca610e00-1c3c-0001-a010-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/standardcimv2/MSFT_NetInterfaceFilter' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetFirewallInterfaceFilter { [CmdletBinding(DefaultParameterSetName='GetAll', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceFilter')] param( [Parameter(ParameterSetName='ByAssociatedNetFirewallRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallRule}, [Parameter(ParameterSetName='ByAssociatedNetIPsecRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallRule') -and (@('ByAssociatedNetFirewallRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallRule}, 'MSFT_NetFirewallRuleFilterByInterface', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecRule') -and (@('ByAssociatedNetIPsecRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecRule}, 'MSFT_NetConSecRuleFilterByInterface', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByAssociatedNetFirewallRule', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByAssociatedNetFirewallRule', 'ByAssociatedNetIPsecRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallInterfaceFilter.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetFirewallInterfaceFilter' -Alias '*' function Set-NetFirewallInterfaceFilter { [CmdletBinding(DefaultParameterSetName='Query (cdxml)', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceFilter')] param( [Parameter(ParameterSetName='Query (cdxml)')] [string] ${PolicyStore}, [Parameter(ParameterSetName='Query (cdxml)')] [string] ${GPOSession}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetInterfaceFilter')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string[]] ${InterfaceAlias}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('Query (cdxml)', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('InterfaceAlias')) { [object]$__cmdletization_value = ${InterfaceAlias} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InterfaceAlias'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InterfaceAlias'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallInterfaceFilter.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetFirewallInterfaceFilter' -Alias '*' ScriptBlock ID: 6adb4cf4-0492-413a-a659-6f27c665e9dc Path:	4104	1		3	2	15	0	315	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:43 PM	ca610e00-1c3c-0000-7410-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/standardcimv2/MSFT_NetApplicationFilter' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetFirewallApplicationFilter { [CmdletBinding(DefaultParameterSetName='GetAll', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetApplicationFilter')] param( [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Program}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Package}, [Parameter(ParameterSetName='ByAssociatedNetFirewallRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='GetAll')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='GetAll')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Program') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Program}) $__cmdletization_queryBuilder.FilterByProperty('AppPath', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Package') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Package}) $__cmdletization_queryBuilder.FilterByProperty('Package', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallRule') -and (@('ByAssociatedNetFirewallRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallRule}, 'MSFT_NetFirewallRuleFilterByApplication', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByQuery', 'ByAssociatedNetFirewallRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByQuery', 'ByAssociatedNetFirewallRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallApplicationFilter.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetFirewallApplicationFilter' -Alias '*' function Set-NetFirewallApplicationFilter { [CmdletBinding(DefaultParameterSetName='Query (cdxml)', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetApplicationFilter')] param( [Parameter(ParameterSetName='Query (cdxml)')] [string] ${PolicyStore}, [Parameter(ParameterSetName='Query (cdxml)')] [string] ${GPOSession}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetApplicationFilter')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${Program}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${Package}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('Query (cdxml)', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Program')) { [object]$__cmdletization_value = ${Program} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AppPath'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AppPath'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Package')) { [object]$__cmdletization_value = ${Package} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Package'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Package'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallApplicationFilter.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetFirewallApplicationFilter' -Alias '*' ScriptBlock ID: d924a133-c98b-496a-b4b9-4a9d7189d240 Path:	4104	1		3	2	15	0	314	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:43 PM	ca610e00-1c3c-0004-bb0f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/standardcimv2/MSFT_NetAddressFilter' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetFirewallAddressFilter { [CmdletBinding(DefaultParameterSetName='GetAll', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetAddressFilter')] param( [Parameter(ParameterSetName='ByAssociatedNetFirewallRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallRule}, [Parameter(ParameterSetName='ByAssociatedNetIPsecRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecRule}, [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetMainModeRule')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecMainModeRule}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByAssociatedNetFirewallRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecRule')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeRule')] [Parameter(ParameterSetName='GetAll')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallRule') -and (@('ByAssociatedNetFirewallRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallRule}, 'MSFT_NetFirewallRuleFilterByAddress', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecRule') -and (@('ByAssociatedNetIPsecRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecRule}, 'MSFT_NetConSecRuleFilterByAddress', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecMainModeRule') -and (@('ByAssociatedNetIPsecMainModeRule') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecMainModeRule}, 'MSFT_NetMainModeRuleFilterByAddress', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByAssociatedNetFirewallRule', 'ByAssociatedNetIPsecRule', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByAssociatedNetFirewallRule', 'ByAssociatedNetIPsecRule', 'ByAssociatedNetIPsecMainModeRule', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallAddressFilter.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetFirewallAddressFilter' -Alias '*' function Set-NetFirewallAddressFilter { [CmdletBinding(DefaultParameterSetName='Query (cdxml)', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetAddressFilter')] param( [Parameter(ParameterSetName='Query (cdxml)')] [string] ${PolicyStore}, [Parameter(ParameterSetName='Query (cdxml)')] [string] ${GPOSession}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAddressFilter')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('LocalIP')] [string[]] ${LocalAddress}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('RemoteIP')] [string[]] ${RemoteAddress}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('Query (cdxml)', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LocalAddress')) { [object]$__cmdletization_value = ${LocalAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LocalAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LocalAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemoteAddress')) { [object]$__cmdletization_value = ${RemoteAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallAddressFilter.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetFirewallAddressFilter' -Alias '*' ScriptBlock ID: 965a8579-f88d-4629-907d-9eb13d8636d6 Path:	4104	1		3	2	15	0	313	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:43 PM	ca610e00-1c3c-0000-7010-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (11 of 11): } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecMainModeRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Disable-NetIPsecMainModeRule' -Alias '*' ScriptBlock ID: 42af9b90-6ec1-413a-b1f8-cc423fd02230 Path:	4104	1		3	2	15	0	312	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:43 PM	ca610e00-1c3c-0004-b70f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (10 of 11): [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallProfile')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallProfile}, [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP1AuthSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecPhase1AuthSet}, [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEMMCryptoSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecMainModeCryptoSet}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetMainModeRule')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Enabled') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Enabled}) $__cmdletization_queryBuilder.FilterByProperty('Enabled', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('MainModeCryptoSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MainModeCryptoSet}) $__cmdletization_queryBuilder.FilterByProperty('MainModeCryptoSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Phase1AuthSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Phase1AuthSet}) $__cmdletization_queryBuilder.FilterByProperty('Phase1AuthSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallAddressFilter') -and (@('ByAssociatedNetFirewallAddressFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallAddressFilter}, 'MSFT_NetMainModeRuleFilterByAddress', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallProfile') -and (@('ByAssociatedNetFirewallProfile') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallProfile}, 'MSFT_NetMainModeRuleInProfile', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase1AuthSet') -and (@('ByAssociatedNetIPsecPhase1AuthSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase1AuthSet}, 'MSFT_NetMainModeRuleMMAuthSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecMainModeCryptoSet') -and (@('ByAssociatedNetIPsecMainModeCryptoSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecMainModeCryptoSet}, 'MSFT_NetMainModeRuleMMCryptoSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll', 'InputObject (cdxml)') -contains $_ } { $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Disable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } ScriptBlock ID: 42af9b90-6ec1-413a-b1f8-cc423fd02230 Path:	4104	1		3	2	15	0	311	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:43 PM	ca610e00-1c3c-0004-b70f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (9 of 11): ase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Enabled') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Enabled}) $__cmdletization_queryBuilder.FilterByProperty('Enabled', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('MainModeCryptoSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MainModeCryptoSet}) $__cmdletization_queryBuilder.FilterByProperty('MainModeCryptoSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Phase1AuthSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Phase1AuthSet}) $__cmdletization_queryBuilder.FilterByProperty('Phase1AuthSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallAddressFilter') -and (@('ByAssociatedNetFirewallAddressFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallAddressFilter}, 'MSFT_NetMainModeRuleFilterByAddress', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallProfile') -and (@('ByAssociatedNetFirewallProfile') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallProfile}, 'MSFT_NetMainModeRuleInProfile', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase1AuthSet') -and (@('ByAssociatedNetIPsecPhase1AuthSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase1AuthSet}, 'MSFT_NetMainModeRuleMMAuthSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecMainModeCryptoSet') -and (@('ByAssociatedNetIPsecMainModeCryptoSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecMainModeCryptoSet}, 'MSFT_NetMainModeRuleMMCryptoSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll', 'InputObject (cdxml)') -contains $_ } { $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Enable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecMainModeRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Enable-NetIPsecMainModeRule' -Alias '*' function Disable-NetIPsecMainModeRule { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetMainModeRule')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled[]] ${Enabled}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${MainModeCryptoSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Phase1AuthSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetAddressFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallAddressFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile', Mandatory=$true, ValueFromPipeline=$true)] ScriptBlock ID: 42af9b90-6ec1-413a-b1f8-cc423fd02230 Path:	4104	1		3	2	15	0	310	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:43 PM	ca610e00-1c3c-0004-b70f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (8 of 11): ryBuilder.FilterByProperty('Phase1AuthSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallAddressFilter') -and (@('ByAssociatedNetFirewallAddressFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallAddressFilter}, 'MSFT_NetMainModeRuleFilterByAddress', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallProfile') -and (@('ByAssociatedNetFirewallProfile') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallProfile}, 'MSFT_NetMainModeRuleInProfile', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase1AuthSet') -and (@('ByAssociatedNetIPsecPhase1AuthSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase1AuthSet}, 'MSFT_NetMainModeRuleMMAuthSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecMainModeCryptoSet') -and (@('ByAssociatedNetIPsecMainModeCryptoSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecMainModeCryptoSet}, 'MSFT_NetMainModeRuleMMCryptoSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewPolicyStore')) { [object]$__cmdletization_value = ${NewPolicyStore} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewPolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewPolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewGPOSession')) { [object]$__cmdletization_value = ${NewGPOSession} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewGPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewGPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewName')) { [object]$__cmdletization_value = ${NewName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('CloneObject', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecMainModeRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Copy-NetIPsecMainModeRule' -Alias '*' function Enable-NetIPsecMainModeRule { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetMainModeRule')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled[]] ${Enabled}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${MainModeCryptoSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Phase1AuthSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetAddressFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallAddressFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallProfile')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallProfile}, [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP1AuthSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecPhase1AuthSet}, [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEMMCryptoSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecMainModeCryptoSet}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetMainModeRule')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPh ScriptBlock ID: 42af9b90-6ec1-413a-b1f8-cc423fd02230 Path:	4104	1		3	2	15	0	309	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:43 PM	ca610e00-1c3c-0004-b70f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (7 of 11): e } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Rename', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecMainModeRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Rename-NetIPsecMainModeRule' -Alias '*' function Copy-NetIPsecMainModeRule { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetMainModeRule')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled[]] ${Enabled}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${MainModeCryptoSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Phase1AuthSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetAddressFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallAddressFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallProfile')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallProfile}, [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP1AuthSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecPhase1AuthSet}, [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEMMCryptoSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecMainModeCryptoSet}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetMainModeRule')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewPolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewGPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Enabled') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Enabled}) $__cmdletization_queryBuilder.FilterByProperty('Enabled', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('MainModeCryptoSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MainModeCryptoSet}) $__cmdletization_queryBuilder.FilterByProperty('MainModeCryptoSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Phase1AuthSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Phase1AuthSet}) $__cmdletization_que ScriptBlock ID: 42af9b90-6ec1-413a-b1f8-cc423fd02230 Path:	4104	1		3	2	15	0	308	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:43 PM	ca610e00-1c3c-0004-b70f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (6 of 11): ter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetMainModeRule')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName', Mandatory=$true)] [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [Parameter(ParameterSetName='ByQuery', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet', Mandatory=$true)] [Parameter(ParameterSetName='GetAll', Mandatory=$true)] [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true)] [string] ${NewName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Enabled') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Enabled}) $__cmdletization_queryBuilder.FilterByProperty('Enabled', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('MainModeCryptoSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MainModeCryptoSet}) $__cmdletization_queryBuilder.FilterByProperty('MainModeCryptoSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Phase1AuthSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Phase1AuthSet}) $__cmdletization_queryBuilder.FilterByProperty('Phase1AuthSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallAddressFilter') -and (@('ByAssociatedNetFirewallAddressFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallAddressFilter}, 'MSFT_NetMainModeRuleFilterByAddress', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallProfile') -and (@('ByAssociatedNetFirewallProfile') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallProfile}, 'MSFT_NetMainModeRuleInProfile', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase1AuthSet') -and (@('ByAssociatedNetIPsecPhase1AuthSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase1AuthSet}, 'MSFT_NetMainModeRuleMMAuthSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecMainModeCryptoSet') -and (@('ByAssociatedNetIPsecMainModeCryptoSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecMainModeCryptoSet}, 'MSFT_NetMainModeRuleMMCryptoSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewName')) { [object]$__cmdletization_value = ${NewName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $fals ScriptBlock ID: 42af9b90-6ec1-413a-b1f8-cc423fd02230 Path:	4104	1		3	2	15	0	307	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:43 PM	ca610e00-1c3c-0004-b70f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 11): AssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Enabled') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Enabled}) $__cmdletization_queryBuilder.FilterByProperty('Enabled', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('MainModeCryptoSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MainModeCryptoSet}) $__cmdletization_queryBuilder.FilterByProperty('MainModeCryptoSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Phase1AuthSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Phase1AuthSet}) $__cmdletization_queryBuilder.FilterByProperty('Phase1AuthSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallAddressFilter') -and (@('ByAssociatedNetFirewallAddressFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallAddressFilter}, 'MSFT_NetMainModeRuleFilterByAddress', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallProfile') -and (@('ByAssociatedNetFirewallProfile') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallProfile}, 'MSFT_NetMainModeRuleInProfile', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase1AuthSet') -and (@('ByAssociatedNetIPsecPhase1AuthSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase1AuthSet}, 'MSFT_NetMainModeRuleMMAuthSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecMainModeCryptoSet') -and (@('ByAssociatedNetIPsecMainModeCryptoSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecMainModeCryptoSet}, 'MSFT_NetMainModeRuleMMCryptoSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll', 'InputObject (cdxml)') -contains $_ } { $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:DeleteInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecMainModeRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Remove-NetIPsecMainModeRule' -Alias '*' function Rename-NetIPsecMainModeRule { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetMainModeRule')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled[]] ${Enabled}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${MainModeCryptoSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Phase1AuthSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetAddressFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallAddressFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallProfile')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallProfile}, [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP1AuthSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecPhase1AuthSet}, [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEMMCryptoSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecMainModeCryptoSet}, [Parame ScriptBlock ID: 42af9b90-6ec1-413a-b1f8-cc423fd02230 Path:	4104	1		3	2	15	0	306	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:43 PM	ca610e00-1c3c-0004-b70f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 11): ings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Enabled')) { [object]$__cmdletization_value = ${Enabled} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Profile')) { [object]$__cmdletization_value = ${Profile} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Profiles'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Profile'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Profiles'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Profile'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Platform')) { [object]$__cmdletization_value = ${Platform} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Platforms'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Platforms'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MainModeCryptoSet')) { [object]$__cmdletization_value = ${MainModeCryptoSet} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MainModeCryptoSet'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MainModeCryptoSet'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Phase1AuthSet')) { [object]$__cmdletization_value = ${Phase1AuthSet} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Phase1AuthSet'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Phase1AuthSet'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LocalAddress')) { [object]$__cmdletization_value = ${LocalAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:LocalAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:LocalAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemoteAddress')) { [object]$__cmdletization_value = ${RemoteAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemoteAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemoteAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecMainModeRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetIPsecMainModeRule' -Alias '*' function Remove-NetIPsecMainModeRule { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetMainModeRule')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled[]] ${Enabled}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${MainModeCryptoSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Phase1AuthSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetAddressFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallAddressFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallProfile')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallProfile}, [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP1AuthSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecPhase1AuthSet}, [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEMMCryptoSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecMainModeCryptoSet}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetMainModeRule')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='By ScriptBlock ID: 42af9b90-6ec1-413a-b1f8-cc423fd02230 Path:	4104	1		3	2	15	0	305	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:43 PM	ca610e00-1c3c-0004-b70f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 11): ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallAddressFilter') -and (@('ByAssociatedNetFirewallAddressFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallAddressFilter}, 'MSFT_NetMainModeRuleFilterByAddress', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallProfile') -and (@('ByAssociatedNetFirewallProfile') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallProfile}, 'MSFT_NetMainModeRuleInProfile', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase1AuthSet') -and (@('ByAssociatedNetIPsecPhase1AuthSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase1AuthSet}, 'MSFT_NetMainModeRuleMMAuthSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecMainModeCryptoSet') -and (@('ByAssociatedNetIPsecMainModeCryptoSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecMainModeCryptoSet}, 'MSFT_NetMainModeRuleMMCryptoSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecMainModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecMainModeRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetIPsecMainModeRule' -Alias '*' function Set-NetIPsecMainModeRule { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetMainModeRule')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByDisplayGroup', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByGroup', Mandatory=$true)] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [string] ${GPOSession}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetMainModeRule')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewDisplayName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${Description}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled] ${Enabled}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Profile] ${Profile}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string[]] ${Platform}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${MainModeCryptoSet}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${Phase1AuthSet}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string[]] ${LocalAddress}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string[]] ${RemoteAddress}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByDisplayGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByDisplayGroup', 'ByGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByDisplayGroup', 'ByGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByDisplayGroup', 'ByGroup', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewDisplayName')) { [object]$__cmdletization_value = ${NewDisplayName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Description')) { [object]$__cmdletization_value = ${Description} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bind ScriptBlock ID: 42af9b90-6ec1-413a-b1f8-cc423fd02230 Path:	4104	1		3	2	15	0	304	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:43 PM	ca610e00-1c3c-0004-b70f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 11): meter]@{Name = 'Phase1AuthSet'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LocalAddress')) { [object]$__cmdletization_value = ${LocalAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:LocalAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:LocalAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemoteAddress')) { [object]$__cmdletization_value = ${RemoteAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemoteAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemoteAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:CreateInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecMainModeRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'New-NetIPsecMainModeRule' -Alias '*' function Get-NetIPsecMainModeRule { [CmdletBinding(DefaultParameterSetName='GetAll', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetMainModeRule')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled[]] ${Enabled}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${MainModeCryptoSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Phase1AuthSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetAddressFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallAddressFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallProfile')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallProfile}, [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP1AuthSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecPhase1AuthSet}, [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEMMCryptoSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecMainModeCryptoSet}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecMainModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Enabled') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Enabled}) $__cmdletization_queryBuilder.FilterByProperty('Enabled', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('MainModeCryptoSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MainModeCryptoSet}) $__cmdletization_queryBuilder.FilterByProperty('MainModeCryptoSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Phase1AuthSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Phase1AuthSet}) $__cmdletization_queryBuilder.FilterByProperty('Phase1AuthSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet. ScriptBlock ID: 42af9b90-6ec1-413a-b1f8-cc423fd02230 Path:	4104	1		3	2	15	0	303	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:43 PM	ca610e00-1c3c-0004-b70f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 11): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/standardcimv2/MSFT_NetMainModeRule' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function New-NetIPsecMainModeRule { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] param( [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${PolicyStore}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${GPOSession}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Alias('ID')] [string] ${Name}, [Parameter(ParameterSetName='cim:CreateInstance0', Mandatory=$true)] [string] ${DisplayName}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${Description}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${Group}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled] ${Enabled}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Profile] ${Profile}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string[]] ${Platform}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${MainModeCryptoSet}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${Phase1AuthSet}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string[]] ${LocalAddress}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string[]] ${RemoteAddress}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='cim:CreateInstance0')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='cim:CreateInstance0')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PolicyStore')) { [object]$__cmdletization_value = ${PolicyStore} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('GPOSession')) { [object]$__cmdletization_value = ${GPOSession} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:GPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:GPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Name')) { [object]$__cmdletization_value = ${Name} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InstanceID'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InstanceID'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisplayName')) { [object]$__cmdletization_value = ${DisplayName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Description')) { [object]$__cmdletization_value = ${Description} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Group')) { [object]$__cmdletization_value = ${Group} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RuleGroup'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RuleGroup'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Enabled')) { [object]$__cmdletization_value = ${Enabled} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Profile')) { [object]$__cmdletization_value = ${Profile} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Profiles'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Profile'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Profiles'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Profile'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Platform')) { [object]$__cmdletization_value = ${Platform} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Platforms'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Platforms'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MainModeCryptoSet')) { [object]$__cmdletization_value = ${MainModeCryptoSet} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MainModeCryptoSet'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MainModeCryptoSet'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Phase1AuthSet')) { [object]$__cmdletization_value = ${Phase1AuthSet} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Phase1AuthSet'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodPara ScriptBlock ID: 42af9b90-6ec1-413a-b1f8-cc423fd02230 Path:	4104	1		3	2	15	0	302	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:43 PM	ca610e00-1c3c-0004-b70f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (21 of 21): try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('IPsecRuleName') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${IPsecRuleName}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('Query (cdxml)', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Action')) { [object]$__cmdletization_value = ${Action} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Action'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.ChangeAction'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Action'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.ChangeAction'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IPv6Addresses')) { [object]$__cmdletization_value = ${IPv6Addresses} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPv6Addresses'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPv6Addresses'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IPv4Addresses')) { [object]$__cmdletization_value = ${IPv4Addresses} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPv4Addresses'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPv4Addresses'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EndpointType')) { [object]$__cmdletization_value = ${EndpointType} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EndpointType'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.EndpointType'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EndpointType'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.EndpointType'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Output'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('SetPolicyDelta', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Update-NetIPsecRule' -Alias '*' ScriptBlock ID: 67270eb7-3033-488e-a366-5086d3c423bf Path:	4104	1		3	2	15	0	301	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:43 PM	ca610e00-1c3c-0000-6610-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (20 of 21): T_NetConSecRuleFilterByAddress', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceFilter') -and (@('ByAssociatedNetFirewallInterfaceFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceFilter}, 'MSFT_NetConSecRuleFilterByInterface', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceTypeFilter') -and (@('ByAssociatedNetFirewallInterfaceTypeFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceTypeFilter}, 'MSFT_NetConSecRuleFilterByInterfaceType', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallPortFilter') -and (@('ByAssociatedNetFirewallPortFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallPortFilter}, 'MSFT_NetConSecRuleFilterByProtocolPort', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallProfile') -and (@('ByAssociatedNetFirewallProfile') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallProfile}, 'MSFT_NetConSecRuleInProfile', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase2AuthSet') -and (@('ByAssociatedNetIPsecPhase2AuthSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase2AuthSet}, 'MSFT_NetConSecRuleEMAuthSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase1AuthSet') -and (@('ByAssociatedNetIPsecPhase1AuthSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase1AuthSet}, 'MSFT_NetConSecRuleMMAuthSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecQuickModeCryptoSet') -and (@('ByAssociatedNetIPsecQuickModeCryptoSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecQuickModeCryptoSet}, 'MSFT_NetConSecRuleQMCryptoSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Servers')) { [object]$__cmdletization_value = ${Servers} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Servers'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Servers'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Domains')) { [object]$__cmdletization_value = ${Domains} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Domains'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Domains'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EndpointType')) { [object]$__cmdletization_value = ${EndpointType} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EndpointType'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.EndpointType'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EndpointType'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.EndpointType'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AddressType')) { [object]$__cmdletization_value = ${AddressType} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AddressType'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.AddressVersion'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AddressType'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.AddressVersion'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Output'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DnsServers')) { [object]$__cmdletization_value = ${DnsServers} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DnsServers'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DnsServers'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('SyncPolicyDelta', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Sync-NetIPsecRule' -Alias '*' function Update-NetIPsecRule { [CmdletBinding(DefaultParameterSetName='Query (cdxml)', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance[]])] param( [Parameter(ParameterSetName='Query (cdxml)', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ID','Name')] [ValidateNotNull()] [string[]] ${IPsecRuleName}, [Parameter(ParameterSetName='Query (cdxml)')] [string] ${PolicyStore}, [Parameter(ParameterSetName='Query (cdxml)')] [string] ${GPOSession}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='Query (cdxml)', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.ChangeAction] ${Action}, [Parameter(ParameterSetName='Query (cdxml)', ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='InputObject (cdxml)', ValueFromPipelineByPropertyName=$true)] [string[]] ${IPv6Addresses}, [Parameter(ParameterSetName='Query (cdxml)', ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='InputObject (cdxml)', ValueFromPipelineByPropertyName=$true)] [string[]] ${IPv4Addresses}, [Parameter(ParameterSetName='Query (cdxml)', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.EndpointType] ${EndpointType}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { ScriptBlock ID: 67270eb7-3033-488e-a366-5086d3c423bf Path:	4104	1		3	2	15	0	300	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:43 PM	ca610e00-1c3c-0000-6610-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (19 of 21): g[]] ${Servers}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${Domains}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.EndpointType] ${EndpointType}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.AddressVersion] ${AddressType}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string[]] ${DnsServers}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('IPsecRuleName') -and (@('ByIPsecRuleName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${IPsecRuleName}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Enabled') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Enabled}) $__cmdletization_queryBuilder.FilterByProperty('Enabled', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Mode') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Mode}) $__cmdletization_queryBuilder.FilterByProperty('Mode', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('InboundSecurity') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InboundSecurity}) $__cmdletization_queryBuilder.FilterByProperty('InboundSecurity', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('OutboundSecurity') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${OutboundSecurity}) $__cmdletization_queryBuilder.FilterByProperty('OutboundSecurity', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('QuickModeCryptoSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${QuickModeCryptoSet}) $__cmdletization_queryBuilder.FilterByProperty('QuickModeCryptoSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Phase1AuthSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Phase1AuthSet}) $__cmdletization_queryBuilder.FilterByProperty('Phase1AuthSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Phase2AuthSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Phase2AuthSet}) $__cmdletization_queryBuilder.FilterByProperty('Phase2AuthSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('KeyModule') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${KeyModule}) $__cmdletization_queryBuilder.FilterByProperty('KeyModule', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AllowWatchKey') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AllowWatchKey}) $__cmdletization_queryBuilder.FilterByProperty('AllowWatchKey', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AllowSetKey') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AllowSetKey}) $__cmdletization_queryBuilder.FilterByProperty('AllowSetKey', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RemoteTunnelHostname') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RemoteTunnelHostname}) $__cmdletization_queryBuilder.FilterByProperty('RemoteTunnelEndpointDNSName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('ForwardPathLifetime') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ForwardPathLifetime}) $__cmdletization_queryBuilder.FilterByProperty('MaxReturnPathLifetimeSeconds', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('EncryptedTunnelBypass') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${EncryptedTunnelBypass}) $__cmdletization_queryBuilder.FilterByProperty('BypassTunnelIfEncrypted', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RequireAuthorization') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RequireAuthorization}) $__cmdletization_queryBuilder.FilterByProperty('RequireAuthorization', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('User') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${User}) $__cmdletization_queryBuilder.FilterByProperty('Users', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Machine') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Machine}) $__cmdletization_queryBuilder.FilterByProperty('Machines', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallAddressFilter') -and (@('ByAssociatedNetFirewallAddressFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallAddressFilter}, 'MSF ScriptBlock ID: 67270eb7-3033-488e-a366-5086d3c423bf Path:	4104	1		3	2	15	0	299	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:43 PM	ca610e00-1c3c-0000-6610-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (18 of 21): tName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallPortFilter}, 'MSFT_NetConSecRuleFilterByProtocolPort', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallProfile') -and (@('ByAssociatedNetFirewallProfile') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallProfile}, 'MSFT_NetConSecRuleInProfile', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase2AuthSet') -and (@('ByAssociatedNetIPsecPhase2AuthSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase2AuthSet}, 'MSFT_NetConSecRuleEMAuthSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase1AuthSet') -and (@('ByAssociatedNetIPsecPhase1AuthSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase1AuthSet}, 'MSFT_NetConSecRuleMMAuthSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecQuickModeCryptoSet') -and (@('ByAssociatedNetIPsecQuickModeCryptoSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecQuickModeCryptoSet}, 'MSFT_NetConSecRuleQMCryptoSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll', 'InputObject (cdxml)') -contains $_ } { $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Disable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Disable-NetIPsecRule' -Alias '*' function Sync-NetIPsecRule { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance[]])] param( [Parameter(ParameterSetName='ByIPsecRuleName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ID','Name')] [ValidateNotNull()] [string[]] ${IPsecRuleName}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled[]] ${Enabled}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.IPsecMode[]] ${Mode}, [Parameter(ParameterSetName='ByQuery')] [Alias('SecIn')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy[]] ${InboundSecurity}, [Parameter(ParameterSetName='ByQuery')] [Alias('SecOut')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy[]] ${OutboundSecurity}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${QuickModeCryptoSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Phase1AuthSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Phase2AuthSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.KeyModule[]] ${KeyModule}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${AllowWatchKey}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${AllowSetKey}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${RemoteTunnelHostname}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [uint32[]] ${ForwardPathLifetime}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${EncryptedTunnelBypass}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${RequireAuthorization}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${User}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Machine}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetAddressFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallAddressFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceTypeFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceTypeFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetProtocolPortFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallPortFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallProfile')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallProfile}, [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP2AuthSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecPhase2AuthSet}, [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP1AuthSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecPhase1AuthSet}, [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEQMCryptoSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecQuickModeCryptoSet}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [strin ScriptBlock ID: 67270eb7-3033-488e-a366-5086d3c423bf Path:	4104	1		3	2	15	0	298	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:43 PM	ca610e00-1c3c-0000-6610-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (17 of 21): PsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('IPsecRuleName') -and (@('ByIPsecRuleName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${IPsecRuleName}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Enabled') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Enabled}) $__cmdletization_queryBuilder.FilterByProperty('Enabled', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Mode') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Mode}) $__cmdletization_queryBuilder.FilterByProperty('Mode', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('InboundSecurity') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InboundSecurity}) $__cmdletization_queryBuilder.FilterByProperty('InboundSecurity', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('OutboundSecurity') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${OutboundSecurity}) $__cmdletization_queryBuilder.FilterByProperty('OutboundSecurity', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('QuickModeCryptoSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${QuickModeCryptoSet}) $__cmdletization_queryBuilder.FilterByProperty('QuickModeCryptoSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Phase1AuthSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Phase1AuthSet}) $__cmdletization_queryBuilder.FilterByProperty('Phase1AuthSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Phase2AuthSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Phase2AuthSet}) $__cmdletization_queryBuilder.FilterByProperty('Phase2AuthSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('KeyModule') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${KeyModule}) $__cmdletization_queryBuilder.FilterByProperty('KeyModule', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AllowWatchKey') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AllowWatchKey}) $__cmdletization_queryBuilder.FilterByProperty('AllowWatchKey', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AllowSetKey') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AllowSetKey}) $__cmdletization_queryBuilder.FilterByProperty('AllowSetKey', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RemoteTunnelHostname') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RemoteTunnelHostname}) $__cmdletization_queryBuilder.FilterByProperty('RemoteTunnelEndpointDNSName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('ForwardPathLifetime') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ForwardPathLifetime}) $__cmdletization_queryBuilder.FilterByProperty('MaxReturnPathLifetimeSeconds', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('EncryptedTunnelBypass') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${EncryptedTunnelBypass}) $__cmdletization_queryBuilder.FilterByProperty('BypassTunnelIfEncrypted', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RequireAuthorization') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RequireAuthorization}) $__cmdletization_queryBuilder.FilterByProperty('RequireAuthorization', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('User') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${User}) $__cmdletization_queryBuilder.FilterByProperty('Users', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Machine') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Machine}) $__cmdletization_queryBuilder.FilterByProperty('Machines', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallAddressFilter') -and (@('ByAssociatedNetFirewallAddressFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallAddressFilter}, 'MSFT_NetConSecRuleFilterByAddress', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceFilter') -and (@('ByAssociatedNetFirewallInterfaceFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceFilter}, 'MSFT_NetConSecRuleFilterByInterface', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceTypeFilter') -and (@('ByAssociatedNetFirewallInterfaceTypeFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceTypeFilter}, 'MSFT_NetConSecRuleFilterByInterfaceType', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallPortFilter') -and (@('ByAssociatedNetFirewallPortFilter') -contains $PSCmdlet.ParameterSe ScriptBlock ID: 67270eb7-3033-488e-a366-5086d3c423bf Path:	4104	1		3	2	15	0	297	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:43 PM	ca610e00-1c3c-0000-6610-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (16 of 21): SCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Machine}) $__cmdletization_queryBuilder.FilterByProperty('Machines', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallAddressFilter') -and (@('ByAssociatedNetFirewallAddressFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallAddressFilter}, 'MSFT_NetConSecRuleFilterByAddress', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceFilter') -and (@('ByAssociatedNetFirewallInterfaceFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceFilter}, 'MSFT_NetConSecRuleFilterByInterface', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceTypeFilter') -and (@('ByAssociatedNetFirewallInterfaceTypeFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceTypeFilter}, 'MSFT_NetConSecRuleFilterByInterfaceType', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallPortFilter') -and (@('ByAssociatedNetFirewallPortFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallPortFilter}, 'MSFT_NetConSecRuleFilterByProtocolPort', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallProfile') -and (@('ByAssociatedNetFirewallProfile') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallProfile}, 'MSFT_NetConSecRuleInProfile', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase2AuthSet') -and (@('ByAssociatedNetIPsecPhase2AuthSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase2AuthSet}, 'MSFT_NetConSecRuleEMAuthSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase1AuthSet') -and (@('ByAssociatedNetIPsecPhase1AuthSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase1AuthSet}, 'MSFT_NetConSecRuleMMAuthSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecQuickModeCryptoSet') -and (@('ByAssociatedNetIPsecQuickModeCryptoSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecQuickModeCryptoSet}, 'MSFT_NetConSecRuleQMCryptoSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll', 'InputObject (cdxml)') -contains $_ } { $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Enable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Enable-NetIPsecRule' -Alias '*' function Disable-NetIPsecRule { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] param( [Parameter(ParameterSetName='ByIPsecRuleName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ID','Name')] [ValidateNotNull()] [string[]] ${IPsecRuleName}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled[]] ${Enabled}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.IPsecMode[]] ${Mode}, [Parameter(ParameterSetName='ByQuery')] [Alias('SecIn')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy[]] ${InboundSecurity}, [Parameter(ParameterSetName='ByQuery')] [Alias('SecOut')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy[]] ${OutboundSecurity}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${QuickModeCryptoSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Phase1AuthSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Phase2AuthSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.KeyModule[]] ${KeyModule}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${AllowWatchKey}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${AllowSetKey}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${RemoteTunnelHostname}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [uint32[]] ${ForwardPathLifetime}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${EncryptedTunnelBypass}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${RequireAuthorization}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${User}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Machine}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetAddressFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallAddressFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceTypeFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceTypeFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetProtocolPortFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallPortFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallProfile')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallProfile}, [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP2AuthSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecPhase2AuthSet}, [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP1AuthSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecPhase1AuthSet}, [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEQMCryptoSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecQuickModeCryptoSet}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByI ScriptBlock ID: 67270eb7-3033-488e-a366-5086d3c423bf Path:	4104	1		3	2	15	0	296	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:43 PM	ca610e00-1c3c-0000-6610-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (15 of 21): frastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceTypeFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceTypeFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetProtocolPortFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallPortFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallProfile')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallProfile}, [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP2AuthSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecPhase2AuthSet}, [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP1AuthSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecPhase1AuthSet}, [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEQMCryptoSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecQuickModeCryptoSet}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('IPsecRuleName') -and (@('ByIPsecRuleName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${IPsecRuleName}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Enabled') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Enabled}) $__cmdletization_queryBuilder.FilterByProperty('Enabled', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Mode') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Mode}) $__cmdletization_queryBuilder.FilterByProperty('Mode', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('InboundSecurity') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InboundSecurity}) $__cmdletization_queryBuilder.FilterByProperty('InboundSecurity', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('OutboundSecurity') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${OutboundSecurity}) $__cmdletization_queryBuilder.FilterByProperty('OutboundSecurity', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('QuickModeCryptoSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${QuickModeCryptoSet}) $__cmdletization_queryBuilder.FilterByProperty('QuickModeCryptoSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Phase1AuthSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Phase1AuthSet}) $__cmdletization_queryBuilder.FilterByProperty('Phase1AuthSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Phase2AuthSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Phase2AuthSet}) $__cmdletization_queryBuilder.FilterByProperty('Phase2AuthSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('KeyModule') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${KeyModule}) $__cmdletization_queryBuilder.FilterByProperty('KeyModule', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AllowWatchKey') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AllowWatchKey}) $__cmdletization_queryBuilder.FilterByProperty('AllowWatchKey', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AllowSetKey') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AllowSetKey}) $__cmdletization_queryBuilder.FilterByProperty('AllowSetKey', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RemoteTunnelHostname') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RemoteTunnelHostname}) $__cmdletization_queryBuilder.FilterByProperty('RemoteTunnelEndpointDNSName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('ForwardPathLifetime') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ForwardPathLifetime}) $__cmdletization_queryBuilder.FilterByProperty('MaxReturnPathLifetimeSeconds', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('EncryptedTunnelBypass') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${EncryptedTunnelBypass}) $__cmdletization_queryBuilder.FilterByProperty('BypassTunnelIfEncrypted', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RequireAuthorization') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RequireAuthorization}) $__cmdletization_queryBuilder.FilterByProperty('RequireAuthorization', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('User') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${User}) $__cmdletization_queryBuilder.FilterByProperty('Users', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Machine') -and (@('ByQuery') -contains $P ScriptBlock ID: 67270eb7-3033-488e-a366-5086d3c423bf Path:	4104	1		3	2	15	0	295	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:43 PM	ca610e00-1c3c-0000-6610-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (14 of 21): tainsKey('Machine') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Machine}) $__cmdletization_queryBuilder.FilterByProperty('Machines', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallAddressFilter') -and (@('ByAssociatedNetFirewallAddressFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallAddressFilter}, 'MSFT_NetConSecRuleFilterByAddress', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceFilter') -and (@('ByAssociatedNetFirewallInterfaceFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceFilter}, 'MSFT_NetConSecRuleFilterByInterface', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceTypeFilter') -and (@('ByAssociatedNetFirewallInterfaceTypeFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceTypeFilter}, 'MSFT_NetConSecRuleFilterByInterfaceType', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallPortFilter') -and (@('ByAssociatedNetFirewallPortFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallPortFilter}, 'MSFT_NetConSecRuleFilterByProtocolPort', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallProfile') -and (@('ByAssociatedNetFirewallProfile') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallProfile}, 'MSFT_NetConSecRuleInProfile', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase2AuthSet') -and (@('ByAssociatedNetIPsecPhase2AuthSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase2AuthSet}, 'MSFT_NetConSecRuleEMAuthSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase1AuthSet') -and (@('ByAssociatedNetIPsecPhase1AuthSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase1AuthSet}, 'MSFT_NetConSecRuleMMAuthSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecQuickModeCryptoSet') -and (@('ByAssociatedNetIPsecQuickModeCryptoSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecQuickModeCryptoSet}, 'MSFT_NetConSecRuleQMCryptoSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewPolicyStore')) { [object]$__cmdletization_value = ${NewPolicyStore} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewPolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewPolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewGPOSession')) { [object]$__cmdletization_value = ${NewGPOSession} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewGPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewGPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewName')) { [object]$__cmdletization_value = ${NewName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('CloneObject', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Copy-NetIPsecRule' -Alias '*' function Enable-NetIPsecRule { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] param( [Parameter(ParameterSetName='ByIPsecRuleName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ID','Name')] [ValidateNotNull()] [string[]] ${IPsecRuleName}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled[]] ${Enabled}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.IPsecMode[]] ${Mode}, [Parameter(ParameterSetName='ByQuery')] [Alias('SecIn')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy[]] ${InboundSecurity}, [Parameter(ParameterSetName='ByQuery')] [Alias('SecOut')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy[]] ${OutboundSecurity}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${QuickModeCryptoSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Phase1AuthSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Phase2AuthSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.KeyModule[]] ${KeyModule}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${AllowWatchKey}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${AllowSetKey}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${RemoteTunnelHostname}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [uint32[]] ${ForwardPathLifetime}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${EncryptedTunnelBypass}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${RequireAuthorization}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${User}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Machine}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetAddressFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallAddressFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.In ScriptBlock ID: 67270eb7-3033-488e-a366-5086d3c423bf Path:	4104	1		3	2	15	0	294	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:43 PM	ca610e00-1c3c-0000-6610-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (13 of 21): ='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewPolicyStore}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewGPOSession}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewName}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('IPsecRuleName') -and (@('ByIPsecRuleName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${IPsecRuleName}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Enabled') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Enabled}) $__cmdletization_queryBuilder.FilterByProperty('Enabled', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Mode') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Mode}) $__cmdletization_queryBuilder.FilterByProperty('Mode', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('InboundSecurity') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InboundSecurity}) $__cmdletization_queryBuilder.FilterByProperty('InboundSecurity', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('OutboundSecurity') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${OutboundSecurity}) $__cmdletization_queryBuilder.FilterByProperty('OutboundSecurity', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('QuickModeCryptoSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${QuickModeCryptoSet}) $__cmdletization_queryBuilder.FilterByProperty('QuickModeCryptoSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Phase1AuthSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Phase1AuthSet}) $__cmdletization_queryBuilder.FilterByProperty('Phase1AuthSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Phase2AuthSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Phase2AuthSet}) $__cmdletization_queryBuilder.FilterByProperty('Phase2AuthSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('KeyModule') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${KeyModule}) $__cmdletization_queryBuilder.FilterByProperty('KeyModule', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AllowWatchKey') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AllowWatchKey}) $__cmdletization_queryBuilder.FilterByProperty('AllowWatchKey', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AllowSetKey') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AllowSetKey}) $__cmdletization_queryBuilder.FilterByProperty('AllowSetKey', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RemoteTunnelHostname') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RemoteTunnelHostname}) $__cmdletization_queryBuilder.FilterByProperty('RemoteTunnelEndpointDNSName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('ForwardPathLifetime') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ForwardPathLifetime}) $__cmdletization_queryBuilder.FilterByProperty('MaxReturnPathLifetimeSeconds', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('EncryptedTunnelBypass') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${EncryptedTunnelBypass}) $__cmdletization_queryBuilder.FilterByProperty('BypassTunnelIfEncrypted', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RequireAuthorization') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RequireAuthorization}) $__cmdletization_queryBuilder.FilterByProperty('RequireAuthorization', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('User') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${User}) $__cmdletization_queryBuilder.FilterByProperty('Users', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.Con ScriptBlock ID: 67270eb7-3033-488e-a366-5086d3c423bf Path:	4104	1		3	2	15	0	293	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:43 PM	ca610e00-1c3c-0000-6610-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (12 of 21): } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallAddressFilter') -and (@('ByAssociatedNetFirewallAddressFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallAddressFilter}, 'MSFT_NetConSecRuleFilterByAddress', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceFilter') -and (@('ByAssociatedNetFirewallInterfaceFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceFilter}, 'MSFT_NetConSecRuleFilterByInterface', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceTypeFilter') -and (@('ByAssociatedNetFirewallInterfaceTypeFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceTypeFilter}, 'MSFT_NetConSecRuleFilterByInterfaceType', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallPortFilter') -and (@('ByAssociatedNetFirewallPortFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallPortFilter}, 'MSFT_NetConSecRuleFilterByProtocolPort', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallProfile') -and (@('ByAssociatedNetFirewallProfile') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallProfile}, 'MSFT_NetConSecRuleInProfile', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase2AuthSet') -and (@('ByAssociatedNetIPsecPhase2AuthSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase2AuthSet}, 'MSFT_NetConSecRuleEMAuthSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase1AuthSet') -and (@('ByAssociatedNetIPsecPhase1AuthSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase1AuthSet}, 'MSFT_NetConSecRuleMMAuthSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecQuickModeCryptoSet') -and (@('ByAssociatedNetIPsecQuickModeCryptoSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecQuickModeCryptoSet}, 'MSFT_NetConSecRuleQMCryptoSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewName')) { [object]$__cmdletization_value = ${NewName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Rename', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Rename-NetIPsecRule' -Alias '*' function Copy-NetIPsecRule { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] param( [Parameter(ParameterSetName='ByIPsecRuleName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ID','Name')] [ValidateNotNull()] [string[]] ${IPsecRuleName}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled[]] ${Enabled}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.IPsecMode[]] ${Mode}, [Parameter(ParameterSetName='ByQuery')] [Alias('SecIn')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy[]] ${InboundSecurity}, [Parameter(ParameterSetName='ByQuery')] [Alias('SecOut')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy[]] ${OutboundSecurity}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${QuickModeCryptoSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Phase1AuthSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Phase2AuthSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.KeyModule[]] ${KeyModule}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${AllowWatchKey}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${AllowSetKey}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${RemoteTunnelHostname}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [uint32[]] ${ForwardPathLifetime}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${EncryptedTunnelBypass}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${RequireAuthorization}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${User}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Machine}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetAddressFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallAddressFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceTypeFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceTypeFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetProtocolPortFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallPortFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallProfile')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallProfile}, [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP2AuthSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecPhase2AuthSet}, [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP1AuthSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecPhase1AuthSet}, [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEQMCryptoSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecQuickModeCryptoSet}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName ScriptBlock ID: 67270eb7-3033-488e-a366-5086d3c423bf Path:	4104	1		3	2	15	0	292	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:43 PM	ca610e00-1c3c-0000-6610-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (11 of 21): ')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByIPsecRuleName', Mandatory=$true)] [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [Parameter(ParameterSetName='ByQuery', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet', Mandatory=$true)] [Parameter(ParameterSetName='GetAll', Mandatory=$true)] [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true)] [string] ${NewName}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('IPsecRuleName') -and (@('ByIPsecRuleName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${IPsecRuleName}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Enabled') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Enabled}) $__cmdletization_queryBuilder.FilterByProperty('Enabled', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Mode') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Mode}) $__cmdletization_queryBuilder.FilterByProperty('Mode', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('InboundSecurity') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InboundSecurity}) $__cmdletization_queryBuilder.FilterByProperty('InboundSecurity', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('OutboundSecurity') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${OutboundSecurity}) $__cmdletization_queryBuilder.FilterByProperty('OutboundSecurity', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('QuickModeCryptoSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${QuickModeCryptoSet}) $__cmdletization_queryBuilder.FilterByProperty('QuickModeCryptoSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Phase1AuthSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Phase1AuthSet}) $__cmdletization_queryBuilder.FilterByProperty('Phase1AuthSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Phase2AuthSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Phase2AuthSet}) $__cmdletization_queryBuilder.FilterByProperty('Phase2AuthSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('KeyModule') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${KeyModule}) $__cmdletization_queryBuilder.FilterByProperty('KeyModule', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AllowWatchKey') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AllowWatchKey}) $__cmdletization_queryBuilder.FilterByProperty('AllowWatchKey', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AllowSetKey') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AllowSetKey}) $__cmdletization_queryBuilder.FilterByProperty('AllowSetKey', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RemoteTunnelHostname') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RemoteTunnelHostname}) $__cmdletization_queryBuilder.FilterByProperty('RemoteTunnelEndpointDNSName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('ForwardPathLifetime') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ForwardPathLifetime}) $__cmdletization_queryBuilder.FilterByProperty('MaxReturnPathLifetimeSeconds', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('EncryptedTunnelBypass') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${EncryptedTunnelBypass}) $__cmdletization_queryBuilder.FilterByProperty('BypassTunnelIfEncrypted', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RequireAuthorization') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RequireAuthorization}) $__cmdletization_queryBuilder.FilterByProperty('RequireAuthorization', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('User') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${User}) $__cmdletization_queryBuilder.FilterByProperty('Users', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Machine') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Machine}) $__cmdletization_queryBuilder.FilterByProperty('Machines', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') ScriptBlock ID: 67270eb7-3033-488e-a366-5086d3c423bf Path:	4104	1		3	2	15	0	291	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:43 PM	ca610e00-1c3c-0000-6610-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (10 of 21): sKey('EncryptedTunnelBypass') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${EncryptedTunnelBypass}) $__cmdletization_queryBuilder.FilterByProperty('BypassTunnelIfEncrypted', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RequireAuthorization') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RequireAuthorization}) $__cmdletization_queryBuilder.FilterByProperty('RequireAuthorization', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('User') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${User}) $__cmdletization_queryBuilder.FilterByProperty('Users', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Machine') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Machine}) $__cmdletization_queryBuilder.FilterByProperty('Machines', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallAddressFilter') -and (@('ByAssociatedNetFirewallAddressFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallAddressFilter}, 'MSFT_NetConSecRuleFilterByAddress', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceFilter') -and (@('ByAssociatedNetFirewallInterfaceFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceFilter}, 'MSFT_NetConSecRuleFilterByInterface', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceTypeFilter') -and (@('ByAssociatedNetFirewallInterfaceTypeFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceTypeFilter}, 'MSFT_NetConSecRuleFilterByInterfaceType', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallPortFilter') -and (@('ByAssociatedNetFirewallPortFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallPortFilter}, 'MSFT_NetConSecRuleFilterByProtocolPort', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallProfile') -and (@('ByAssociatedNetFirewallProfile') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallProfile}, 'MSFT_NetConSecRuleInProfile', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase2AuthSet') -and (@('ByAssociatedNetIPsecPhase2AuthSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase2AuthSet}, 'MSFT_NetConSecRuleEMAuthSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase1AuthSet') -and (@('ByAssociatedNetIPsecPhase1AuthSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase1AuthSet}, 'MSFT_NetConSecRuleMMAuthSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecQuickModeCryptoSet') -and (@('ByAssociatedNetIPsecQuickModeCryptoSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecQuickModeCryptoSet}, 'MSFT_NetConSecRuleQMCryptoSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll', 'InputObject (cdxml)') -contains $_ } { $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:DeleteInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Remove-NetIPsecRule' -Alias '*' function Rename-NetIPsecRule { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] param( [Parameter(ParameterSetName='ByIPsecRuleName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ID','Name')] [ValidateNotNull()] [string[]] ${IPsecRuleName}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled[]] ${Enabled}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.IPsecMode[]] ${Mode}, [Parameter(ParameterSetName='ByQuery')] [Alias('SecIn')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy[]] ${InboundSecurity}, [Parameter(ParameterSetName='ByQuery')] [Alias('SecOut')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy[]] ${OutboundSecurity}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${QuickModeCryptoSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Phase1AuthSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Phase2AuthSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.KeyModule[]] ${KeyModule}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${AllowWatchKey}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${AllowSetKey}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${RemoteTunnelHostname}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [uint32[]] ${ForwardPathLifetime}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${EncryptedTunnelBypass}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${RequireAuthorization}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${User}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Machine}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetAddressFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallAddressFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceTypeFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceTypeFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetProtocolPortFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallPortFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallProfile')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallProfile}, [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP2AuthSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecPhase2AuthSet}, [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP1AuthSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecPhase1AuthSet}, [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEQMCryptoSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecQuickModeCryptoSet}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByIPsecRuleName ScriptBlock ID: 67270eb7-3033-488e-a366-5086d3c423bf Path:	4104	1		3	2	15	0	290	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:43 PM	ca610e00-1c3c-0000-6610-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (9 of 21): 'ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetAddressFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallAddressFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceTypeFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceTypeFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetProtocolPortFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallPortFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallProfile')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallProfile}, [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP2AuthSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecPhase2AuthSet}, [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP1AuthSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecPhase1AuthSet}, [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEQMCryptoSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecQuickModeCryptoSet}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('IPsecRuleName') -and (@('ByIPsecRuleName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${IPsecRuleName}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Enabled') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Enabled}) $__cmdletization_queryBuilder.FilterByProperty('Enabled', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Mode') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Mode}) $__cmdletization_queryBuilder.FilterByProperty('Mode', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('InboundSecurity') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InboundSecurity}) $__cmdletization_queryBuilder.FilterByProperty('InboundSecurity', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('OutboundSecurity') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${OutboundSecurity}) $__cmdletization_queryBuilder.FilterByProperty('OutboundSecurity', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('QuickModeCryptoSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${QuickModeCryptoSet}) $__cmdletization_queryBuilder.FilterByProperty('QuickModeCryptoSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Phase1AuthSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Phase1AuthSet}) $__cmdletization_queryBuilder.FilterByProperty('Phase1AuthSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Phase2AuthSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Phase2AuthSet}) $__cmdletization_queryBuilder.FilterByProperty('Phase2AuthSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('KeyModule') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${KeyModule}) $__cmdletization_queryBuilder.FilterByProperty('KeyModule', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AllowWatchKey') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AllowWatchKey}) $__cmdletization_queryBuilder.FilterByProperty('AllowWatchKey', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AllowSetKey') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AllowSetKey}) $__cmdletization_queryBuilder.FilterByProperty('AllowSetKey', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RemoteTunnelHostname') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RemoteTunnelHostname}) $__cmdletization_queryBuilder.FilterByProperty('RemoteTunnelEndpointDNSName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('ForwardPathLifetime') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ForwardPathLifetime}) $__cmdletization_queryBuilder.FilterByProperty('MaxReturnPathLifetimeSeconds', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.Contain ScriptBlock ID: 67270eb7-3033-488e-a366-5086d3c423bf Path:	4104	1		3	2	15	0	289	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:43 PM	ca610e00-1c3c-0000-6610-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (8 of 21): zation_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxReturnPathLifetimeSeconds'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EncryptedTunnelBypass')) { [object]$__cmdletization_value = ${EncryptedTunnelBypass} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'BypassTunnelIfEncrypted'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'BypassTunnelIfEncrypted'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RequireAuthorization')) { [object]$__cmdletization_value = ${RequireAuthorization} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RequireAuthorization'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RequireAuthorization'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('User')) { [object]$__cmdletization_value = ${User} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Users'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Users'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Machine')) { [object]$__cmdletization_value = ${Machine} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Machines'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Machines'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LocalAddress')) { [object]$__cmdletization_value = ${LocalAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:LocalAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:LocalAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemoteAddress')) { [object]$__cmdletization_value = ${RemoteAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemoteAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemoteAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Protocol')) { [object]$__cmdletization_value = ${Protocol} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Protocol'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Protocol'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LocalPort')) { [object]$__cmdletization_value = ${LocalPort} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:LocalPort'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:LocalPort'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemotePort')) { [object]$__cmdletization_value = ${RemotePort} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemotePort'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemotePort'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('InterfaceAlias')) { [object]$__cmdletization_value = ${InterfaceAlias} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:InterfaceAlias'; ParameterType = 'System.Management.Automation.WildcardPattern[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:InterfaceAlias'; ParameterType = 'System.Management.Automation.WildcardPattern[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('InterfaceType')) { [object]$__cmdletization_value = ${InterfaceType} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:InterfaceType'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.InterfaceType'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:InterfaceType'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.InterfaceType'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetIPsecRule' -Alias '*' function Remove-NetIPsecRule { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] param( [Parameter(ParameterSetName='ByIPsecRuleName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ID','Name')] [ValidateNotNull()] [string[]] ${IPsecRuleName}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled[]] ${Enabled}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.IPsecMode[]] ${Mode}, [Parameter(ParameterSetName='ByQuery')] [Alias('SecIn')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy[]] ${InboundSecurity}, [Parameter(ParameterSetName='ByQuery')] [Alias('SecOut')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy[]] ${OutboundSecurity}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${QuickModeCryptoSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Phase1AuthSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Phase2AuthSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.KeyModule[]] ${KeyModule}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${AllowWatchKey}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${AllowSetKey}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${RemoteTunnelHostname}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [uint32[]] ${ForwardPathLifetime}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${EncryptedTunnelBypass}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${RequireAuthorization}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${User}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Machine}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName= ScriptBlock ID: 67270eb7-3033-488e-a366-5086d3c423bf Path:	4104	1		3	2	15	0	288	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:43 PM	ca610e00-1c3c-0000-6610-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (7 of 21): r = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Description')) { [object]$__cmdletization_value = ${Description} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Enabled')) { [object]$__cmdletization_value = ${Enabled} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Profile')) { [object]$__cmdletization_value = ${Profile} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Profiles'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Profile'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Profiles'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Profile'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Platform')) { [object]$__cmdletization_value = ${Platform} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Platforms'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Platforms'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Mode')) { [object]$__cmdletization_value = ${Mode} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Mode'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.IPsecMode'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Mode'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.IPsecMode'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('InboundSecurity')) { [object]$__cmdletization_value = ${InboundSecurity} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InboundSecurity'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InboundSecurity'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('OutboundSecurity')) { [object]$__cmdletization_value = ${OutboundSecurity} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'OutboundSecurity'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'OutboundSecurity'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('QuickModeCryptoSet')) { [object]$__cmdletization_value = ${QuickModeCryptoSet} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'QuickModeCryptoSet'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'QuickModeCryptoSet'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Phase1AuthSet')) { [object]$__cmdletization_value = ${Phase1AuthSet} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Phase1AuthSet'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Phase1AuthSet'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Phase2AuthSet')) { [object]$__cmdletization_value = ${Phase2AuthSet} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Phase2AuthSet'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Phase2AuthSet'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('KeyModule')) { [object]$__cmdletization_value = ${KeyModule} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'KeyModule'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.KeyModule'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'KeyModule'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.KeyModule'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AllowWatchKey')) { [object]$__cmdletization_value = ${AllowWatchKey} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowWatchKey'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowWatchKey'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AllowSetKey')) { [object]$__cmdletization_value = ${AllowSetKey} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowSetKey'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowSetKey'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LocalTunnelEndpoint')) { [object]$__cmdletization_value = ${LocalTunnelEndpoint} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LocalTunnelEndpoint'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LocalTunnelEndpoint'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemoteTunnelEndpoint')) { [object]$__cmdletization_value = ${RemoteTunnelEndpoint} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteTunnelEndpoint'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteTunnelEndpoint'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemoteTunnelHostname')) { [object]$__cmdletization_value = ${RemoteTunnelHostname} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteTunnelEndpointDNSName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteTunnelEndpointDNSName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ForwardPathLifetime')) { [object]$__cmdletization_value = ${ForwardPathLifetime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxReturnPathLifetimeSeconds'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdleti ScriptBlock ID: 67270eb7-3033-488e-a366-5086d3c423bf Path:	4104	1		3	2	15	0	287	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:43 PM	ca610e00-1c3c-0000-6610-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (6 of 21): me')] [ValidateNotNull()] [string[]] ${IPsecRuleName}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByDisplayGroup', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByGroup', Mandatory=$true)] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [string] ${GPOSession}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetConSecRule')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewDisplayName}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${Description}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled] ${Enabled}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Profile] ${Profile}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string[]] ${Platform}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.IPsecMode] ${Mode}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('SecIn')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy] ${InboundSecurity}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('SecOut')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy] ${OutboundSecurity}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${QuickModeCryptoSet}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${Phase1AuthSet}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${Phase2AuthSet}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.KeyModule] ${KeyModule}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [bool] ${AllowWatchKey}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [bool] ${AllowSetKey}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string[]] ${LocalTunnelEndpoint}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string[]] ${RemoteTunnelEndpoint}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${RemoteTunnelHostname}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint32] ${ForwardPathLifetime}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [bool] ${EncryptedTunnelBypass}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [bool] ${RequireAuthorization}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${User}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${Machine}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string[]] ${LocalAddress}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string[]] ${RemoteAddress}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${Protocol}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string[]] ${LocalPort}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string[]] ${RemotePort}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [WildcardPattern[]] ${InterfaceAlias}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.InterfaceType] ${InterfaceType}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('IPsecRuleName') -and (@('ByIPsecRuleName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${IPsecRuleName}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByDisplayGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByDisplayGroup', 'ByGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByDisplayGroup', 'ByGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByIPsecRuleName', 'ByDisplayName', 'ByDisplayGroup', 'ByGroup', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewDisplayName')) { [object]$__cmdletization_value = ${NewDisplayName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParamete ScriptBlock ID: 67270eb7-3033-488e-a366-5086d3c423bf Path:	4104	1		3	2	15	0	286	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:43 PM	ca610e00-1c3c-0000-6610-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 21): leName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('IPsecRuleName') -and (@('ByIPsecRuleName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${IPsecRuleName}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Enabled') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Enabled}) $__cmdletization_queryBuilder.FilterByProperty('Enabled', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Mode') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Mode}) $__cmdletization_queryBuilder.FilterByProperty('Mode', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('InboundSecurity') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InboundSecurity}) $__cmdletization_queryBuilder.FilterByProperty('InboundSecurity', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('OutboundSecurity') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${OutboundSecurity}) $__cmdletization_queryBuilder.FilterByProperty('OutboundSecurity', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('QuickModeCryptoSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${QuickModeCryptoSet}) $__cmdletization_queryBuilder.FilterByProperty('QuickModeCryptoSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Phase1AuthSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Phase1AuthSet}) $__cmdletization_queryBuilder.FilterByProperty('Phase1AuthSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Phase2AuthSet') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Phase2AuthSet}) $__cmdletization_queryBuilder.FilterByProperty('Phase2AuthSet', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('KeyModule') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${KeyModule}) $__cmdletization_queryBuilder.FilterByProperty('KeyModule', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AllowWatchKey') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AllowWatchKey}) $__cmdletization_queryBuilder.FilterByProperty('AllowWatchKey', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AllowSetKey') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AllowSetKey}) $__cmdletization_queryBuilder.FilterByProperty('AllowSetKey', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RemoteTunnelHostname') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RemoteTunnelHostname}) $__cmdletization_queryBuilder.FilterByProperty('RemoteTunnelEndpointDNSName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('ForwardPathLifetime') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ForwardPathLifetime}) $__cmdletization_queryBuilder.FilterByProperty('MaxReturnPathLifetimeSeconds', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('EncryptedTunnelBypass') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${EncryptedTunnelBypass}) $__cmdletization_queryBuilder.FilterByProperty('BypassTunnelIfEncrypted', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RequireAuthorization') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RequireAuthorization}) $__cmdletization_queryBuilder.FilterByProperty('RequireAuthorization', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('User') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${User}) $__cmdletization_queryBuilder.FilterByProperty('Users', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Machine') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Machine}) $__cmdletization_queryBuilder.FilterByProperty('Machines', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallAddressFilter') -and (@('ByAssociatedNetFirewallAddressFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallAddressFilter}, 'MSFT_NetConSecRuleFilterByAddress', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceFilter') -and (@('ByAssociatedNetFirewallInterfaceFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceFilter}, 'MSFT_NetConSecRuleFilterByInterface', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceTypeFilter') -and (@('ByAssociatedNetFirewallInterfaceTypeFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceTypeFilter}, 'MSFT_NetConSecRuleFilterByInterfaceType', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallPortFilter') -and (@('ByAssociatedNetFirewallPortFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallPortFilter}, 'MSFT_NetConSecRuleFilterByProtocolPort', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallProfile') -and (@('ByAssociatedNetFirewallProfile') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallProfile}, 'MSFT_NetConSecRuleInProfile', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase2AuthSet') -and (@('ByAssociatedNetIPsecPhase2AuthSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase2AuthSet}, 'MSFT_NetConSecRuleEMAuthSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase1AuthSet') -and (@('ByAssociatedNetIPsecPhase1AuthSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase1AuthSet}, 'MSFT_NetConSecRuleMMAuthSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecQuickModeCryptoSet') -and (@('ByAssociatedNetIPsecQuickModeCryptoSet') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecQuickModeCryptoSet}, 'MSFT_NetConSecRuleQMCryptoSet', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetIPsecRule' -Alias '*' function Set-NetIPsecRule { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] param( [Parameter(ParameterSetName='ByIPsecRuleName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ID','Na ScriptBlock ID: 67270eb7-3033-488e-a366-5086d3c423bf Path:	4104	1		3	2	15	0	285	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:43 PM	ca610e00-1c3c-0000-6610-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 21): mdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemoteAddress')) { [object]$__cmdletization_value = ${RemoteAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteAddress'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteAddress'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Protocol')) { [object]$__cmdletization_value = ${Protocol} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Protocol'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Protocol'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LocalPort')) { [object]$__cmdletization_value = ${LocalPort} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LocalPort'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LocalPort'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemotePort')) { [object]$__cmdletization_value = ${RemotePort} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemotePort'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemotePort'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Find', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Find-NetIPsecRule' -Alias '*' function Get-NetIPsecRule { [CmdletBinding(DefaultParameterSetName='GetAll', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')] param( [Parameter(ParameterSetName='ByIPsecRuleName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ID','Name')] [ValidateNotNull()] [string[]] ${IPsecRuleName}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled[]] ${Enabled}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.IPsecMode[]] ${Mode}, [Parameter(ParameterSetName='ByQuery')] [Alias('SecIn')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy[]] ${InboundSecurity}, [Parameter(ParameterSetName='ByQuery')] [Alias('SecOut')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy[]] ${OutboundSecurity}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${QuickModeCryptoSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Phase1AuthSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Phase2AuthSet}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.KeyModule[]] ${KeyModule}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${AllowWatchKey}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${AllowSetKey}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${RemoteTunnelHostname}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [uint32[]] ${ForwardPathLifetime}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${EncryptedTunnelBypass}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${RequireAuthorization}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${User}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Machine}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetAddressFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallAddressFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceTypeFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceTypeFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetProtocolPortFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallPortFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallProfile')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallProfile}, [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP2AuthSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecPhase2AuthSet}, [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP1AuthSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecPhase1AuthSet}, [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEQMCryptoSet')] [ValidateNotNull()] [ciminstance] ${AssociatedNetIPsecQuickModeCryptoSet}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByIPsecRuleName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')] [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')] [Parameter(ParameterSetName='GetAll')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByIPsecRu ScriptBlock ID: 67270eb7-3033-488e-a366-5086d3c423bf Path:	4104	1		3	2	15	0	284	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:43 PM	ca610e00-1c3c-0000-6610-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 21): ation_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemoteAddress')) { [object]$__cmdletization_value = ${RemoteAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemoteAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemoteAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Protocol')) { [object]$__cmdletization_value = ${Protocol} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Protocol'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Protocol'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LocalPort')) { [object]$__cmdletization_value = ${LocalPort} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:LocalPort'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:LocalPort'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemotePort')) { [object]$__cmdletization_value = ${RemotePort} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemotePort'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemotePort'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('InterfaceAlias')) { [object]$__cmdletization_value = ${InterfaceAlias} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:InterfaceAlias'; ParameterType = 'System.Management.Automation.WildcardPattern[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:InterfaceAlias'; ParameterType = 'System.Management.Automation.WildcardPattern[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('InterfaceType')) { [object]$__cmdletization_value = ${InterfaceType} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:InterfaceType'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.InterfaceType'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:InterfaceType'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.InterfaceType'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:CreateInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'New-NetIPsecRule' -Alias '*' function Show-NetIPsecRule { [CmdletBinding(PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance[]])][OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/NetSecurityDeepEnumElement')] param( [Parameter(ParameterSetName='EnumerateFull1')] [string] ${PolicyStore}, [Parameter(ParameterSetName='EnumerateFull1')] [string] ${GPOSession}, [Parameter(ParameterSetName='EnumerateFull1')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='EnumerateFull1')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='EnumerateFull1')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PolicyStore')) { [object]$__cmdletization_value = ${PolicyStore} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('GPOSession')) { [object]$__cmdletization_value = ${GPOSession} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:GPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:GPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Dependents'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameter.ParameterTypeName = 'Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/NetSecurityDeepEnumElement' $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('EnumerateFull', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Show-NetIPsecRule' -Alias '*' function Find-NetIPsecRule { [CmdletBinding(PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance[]])] param( [Parameter(ParameterSetName='Find2')] [string] ${LocalAddress}, [Parameter(ParameterSetName='Find2', Mandatory=$true)] [string] ${RemoteAddress}, [Parameter(ParameterSetName='Find2')] [string] ${Protocol}, [Parameter(ParameterSetName='Find2')] [uint16] ${LocalPort}, [Parameter(ParameterSetName='Find2')] [uint16] ${RemotePort}, [Parameter(ParameterSetName='Find2')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Find2')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Find2')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LocalAddress')) { [object]$__cmdletization_value = ${LocalAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LocalAddress'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LocalAddress'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__c ScriptBlock ID: 67270eb7-3033-488e-a366-5086d3c423bf Path:	4104	1		3	2	15	0	283	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:43 PM	ca610e00-1c3c-0000-6610-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 21): e} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Mode'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.IPsecMode'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('InboundSecurity')) { [object]$__cmdletization_value = ${InboundSecurity} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InboundSecurity'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InboundSecurity'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('OutboundSecurity')) { [object]$__cmdletization_value = ${OutboundSecurity} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'OutboundSecurity'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'OutboundSecurity'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('QuickModeCryptoSet')) { [object]$__cmdletization_value = ${QuickModeCryptoSet} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'QuickModeCryptoSet'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'QuickModeCryptoSet'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Phase1AuthSet')) { [object]$__cmdletization_value = ${Phase1AuthSet} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Phase1AuthSet'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Phase1AuthSet'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Phase2AuthSet')) { [object]$__cmdletization_value = ${Phase2AuthSet} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Phase2AuthSet'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Phase2AuthSet'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('KeyModule')) { [object]$__cmdletization_value = ${KeyModule} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'KeyModule'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.KeyModule'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'KeyModule'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.KeyModule'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AllowWatchKey')) { [object]$__cmdletization_value = ${AllowWatchKey} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowWatchKey'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowWatchKey'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AllowSetKey')) { [object]$__cmdletization_value = ${AllowSetKey} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowSetKey'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AllowSetKey'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LocalTunnelEndpoint')) { [object]$__cmdletization_value = ${LocalTunnelEndpoint} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LocalTunnelEndpoint'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LocalTunnelEndpoint'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemoteTunnelEndpoint')) { [object]$__cmdletization_value = ${RemoteTunnelEndpoint} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteTunnelEndpoint'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteTunnelEndpoint'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemoteTunnelHostname')) { [object]$__cmdletization_value = ${RemoteTunnelHostname} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteTunnelEndpointDNSName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteTunnelEndpointDNSName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ForwardPathLifetime')) { [object]$__cmdletization_value = ${ForwardPathLifetime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxReturnPathLifetimeSeconds'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxReturnPathLifetimeSeconds'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EncryptedTunnelBypass')) { [object]$__cmdletization_value = ${EncryptedTunnelBypass} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'BypassTunnelIfEncrypted'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'BypassTunnelIfEncrypted'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RequireAuthorization')) { [object]$__cmdletization_value = ${RequireAuthorization} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RequireAuthorization'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RequireAuthorization'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('User')) { [object]$__cmdletization_value = ${User} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Users'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Users'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Machine')) { [object]$__cmdletization_value = ${Machine} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Machines'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Machines'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LocalAddress')) { [object]$__cmdletization_value = ${LocalAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:LocalAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:LocalAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletiz ScriptBlock ID: 67270eb7-3033-488e-a366-5086d3c423bf Path:	4104	1		3	2	15	0	282	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:43 PM	ca610e00-1c3c-0000-6610-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 21): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/standardcimv2/MSFT_NetConSecRule' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function New-NetIPsecRule { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] param( [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${PolicyStore}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${GPOSession}, [Parameter(ParameterSetName='cim:CreateInstance0', ValueFromPipelineByPropertyName=$true)] [Alias('ID','Name')] [string] ${IPsecRuleName}, [Parameter(ParameterSetName='cim:CreateInstance0', Mandatory=$true)] [string] ${DisplayName}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${Description}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${Group}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled] ${Enabled}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Profile] ${Profile}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string[]] ${Platform}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.IPsecMode] ${Mode}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Alias('SecIn')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy] ${InboundSecurity}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Alias('SecOut')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy] ${OutboundSecurity}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${QuickModeCryptoSet}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${Phase1AuthSet}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${Phase2AuthSet}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.KeyModule] ${KeyModule}, [Parameter(ParameterSetName='cim:CreateInstance0')] [bool] ${AllowWatchKey}, [Parameter(ParameterSetName='cim:CreateInstance0')] [bool] ${AllowSetKey}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string[]] ${LocalTunnelEndpoint}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string[]] ${RemoteTunnelEndpoint}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${RemoteTunnelHostname}, [Parameter(ParameterSetName='cim:CreateInstance0')] [uint32] ${ForwardPathLifetime}, [Parameter(ParameterSetName='cim:CreateInstance0')] [bool] ${EncryptedTunnelBypass}, [Parameter(ParameterSetName='cim:CreateInstance0')] [bool] ${RequireAuthorization}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${User}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${Machine}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string[]] ${LocalAddress}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string[]] ${RemoteAddress}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${Protocol}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string[]] ${LocalPort}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string[]] ${RemotePort}, [Parameter(ParameterSetName='cim:CreateInstance0')] [WildcardPattern[]] ${InterfaceAlias}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.InterfaceType] ${InterfaceType}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='cim:CreateInstance0')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='cim:CreateInstance0')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PolicyStore')) { [object]$__cmdletization_value = ${PolicyStore} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('GPOSession')) { [object]$__cmdletization_value = ${GPOSession} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:GPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:GPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IPsecRuleName')) { [object]$__cmdletization_value = ${IPsecRuleName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InstanceID'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InstanceID'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisplayName')) { [object]$__cmdletization_value = ${DisplayName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Description')) { [object]$__cmdletization_value = ${Description} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Group')) { [object]$__cmdletization_value = ${Group} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RuleGroup'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RuleGroup'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Enabled')) { [object]$__cmdletization_value = ${Enabled} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Profile')) { [object]$__cmdletization_value = ${Profile} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Profiles'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Profile'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Profiles'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Profile'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Platform')) { [object]$__cmdletization_value = ${Platform} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Platforms'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Platforms'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Mode')) { [object]$__cmdletization_value = ${Mode} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Mode'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.IPsecMode'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $tru ScriptBlock ID: 67270eb7-3033-488e-a366-5086d3c423bf Path:	4104	1		3	2	15	0	281	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:43 PM	ca610e00-1c3c-0000-6610-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (21 of 21): efault') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Enabled') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Enabled}) $__cmdletization_queryBuilder.FilterByProperty('Enabled', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Direction') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Direction}) $__cmdletization_queryBuilder.FilterByProperty('Direction', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Action') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Action}) $__cmdletization_queryBuilder.FilterByProperty('Action', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('EdgeTraversalPolicy') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${EdgeTraversalPolicy}) $__cmdletization_queryBuilder.FilterByProperty('EdgeTraversalPolicy', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('LooseSourceMapping') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${LooseSourceMapping}) $__cmdletization_queryBuilder.FilterByProperty('LooseSourceMapping', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('LocalOnlyMapping') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${LocalOnlyMapping}) $__cmdletization_queryBuilder.FilterByProperty('LocalOnlyMapping', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Owner') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Owner}) $__cmdletization_queryBuilder.FilterByProperty('Owner', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallAddressFilter') -and (@('ByAssociatedNetFirewallAddressFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallAddressFilter}, 'MSFT_NetFirewallRuleFilterByAddress', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallApplicationFilter') -and (@('ByAssociatedNetFirewallApplicationFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallApplicationFilter}, 'MSFT_NetFirewallRuleFilterByApplication', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceFilter') -and (@('ByAssociatedNetFirewallInterfaceFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceFilter}, 'MSFT_NetFirewallRuleFilterByInterface', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceTypeFilter') -and (@('ByAssociatedNetFirewallInterfaceTypeFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceTypeFilter}, 'MSFT_NetFirewallRuleFilterByInterfaceType', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallPortFilter') -and (@('ByAssociatedNetFirewallPortFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallPortFilter}, 'MSFT_NetFirewallRuleFilterByProtocolPort', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallSecurityFilter') -and (@('ByAssociatedNetFirewallSecurityFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallSecurityFilter}, 'MSFT_NetFirewallRuleFilterBySecurity', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallServiceFilter') -and (@('ByAssociatedNetFirewallServiceFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallServiceFilter}, 'MSFT_NetFirewallRuleFilterByService', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallProfile') -and (@('ByAssociatedNetFirewallProfile') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallProfile}, 'MSFT_NetFirewallRuleInProfile', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallApplicationFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallSecurityFilter', 'ByAssociatedNetFirewallServiceFilter', 'ByAssociatedNetFirewallProfile', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallApplicationFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallSecurityFilter', 'ByAssociatedNetFirewallServiceFilter', 'ByAssociatedNetFirewallProfile', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallApplicationFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallSecurityFilter', 'ByAssociatedNetFirewallServiceFilter', 'ByAssociatedNetFirewallProfile', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallApplicationFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallSecurityFilter', 'ByAssociatedNetFirewallServiceFilter', 'ByAssociatedNetFirewallProfile', 'GetAll', 'InputObject (cdxml)') -contains $_ } { $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Disable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Disable-NetFirewallRule' -Alias '*' ScriptBlock ID: c2ff66aa-ba41-4bbc-a049-da632913939d Path:	4104	1		3	2	15	0	280	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:42 PM	ca610e00-1c3c-0000-5b10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (20 of 21): [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetAddressFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallAddressFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetApplicationFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallApplicationFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceTypeFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceTypeFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetProtocolPortFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallPortFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetNetworkLayerSecurityFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallSecurityFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetServiceFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallServiceFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallProfile')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallProfile}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetFirewallRule')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'D ScriptBlock ID: c2ff66aa-ba41-4bbc-a049-da632913939d Path:	4104	1		3	2	15	0	279	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:42 PM	ca610e00-1c3c-0000-5b10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (19 of 21): undParameters.ContainsKey('LooseSourceMapping') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${LooseSourceMapping}) $__cmdletization_queryBuilder.FilterByProperty('LooseSourceMapping', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('LocalOnlyMapping') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${LocalOnlyMapping}) $__cmdletization_queryBuilder.FilterByProperty('LocalOnlyMapping', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Owner') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Owner}) $__cmdletization_queryBuilder.FilterByProperty('Owner', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallAddressFilter') -and (@('ByAssociatedNetFirewallAddressFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallAddressFilter}, 'MSFT_NetFirewallRuleFilterByAddress', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallApplicationFilter') -and (@('ByAssociatedNetFirewallApplicationFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallApplicationFilter}, 'MSFT_NetFirewallRuleFilterByApplication', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceFilter') -and (@('ByAssociatedNetFirewallInterfaceFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceFilter}, 'MSFT_NetFirewallRuleFilterByInterface', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceTypeFilter') -and (@('ByAssociatedNetFirewallInterfaceTypeFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceTypeFilter}, 'MSFT_NetFirewallRuleFilterByInterfaceType', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallPortFilter') -and (@('ByAssociatedNetFirewallPortFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallPortFilter}, 'MSFT_NetFirewallRuleFilterByProtocolPort', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallSecurityFilter') -and (@('ByAssociatedNetFirewallSecurityFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallSecurityFilter}, 'MSFT_NetFirewallRuleFilterBySecurity', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallServiceFilter') -and (@('ByAssociatedNetFirewallServiceFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallServiceFilter}, 'MSFT_NetFirewallRuleFilterByService', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallProfile') -and (@('ByAssociatedNetFirewallProfile') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallProfile}, 'MSFT_NetFirewallRuleInProfile', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallApplicationFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallSecurityFilter', 'ByAssociatedNetFirewallServiceFilter', 'ByAssociatedNetFirewallProfile', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallApplicationFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallSecurityFilter', 'ByAssociatedNetFirewallServiceFilter', 'ByAssociatedNetFirewallProfile', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallApplicationFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallSecurityFilter', 'ByAssociatedNetFirewallServiceFilter', 'ByAssociatedNetFirewallProfile', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallApplicationFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallSecurityFilter', 'ByAssociatedNetFirewallServiceFilter', 'ByAssociatedNetFirewallProfile', 'GetAll', 'InputObject (cdxml)') -contains $_ } { $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Enable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Enable-NetFirewallRule' -Alias '*' function Disable-NetFirewallRule { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallRule')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled[]] ${Enabled}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Direction[]] ${Direction}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Action[]] ${Action}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.EdgeTraversal[]] ${EdgeTraversalPolicy}, [Parameter(ParameterSetName='ByQuery')] [Alias('LSM')] [ValidateNotNull()] [bool[]] ${LooseSourceMapping}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${LocalOnlyMapping}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Owner}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] ScriptBlock ID: c2ff66aa-ba41-4bbc-a049-da632913939d Path:	4104	1		3	2	15	0	278	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:42 PM	ca610e00-1c3c-0000-5b10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (18 of 21): Filter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallPortFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetNetworkLayerSecurityFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallSecurityFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetServiceFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallServiceFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallProfile')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallProfile}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetFirewallRule')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Enabled') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Enabled}) $__cmdletization_queryBuilder.FilterByProperty('Enabled', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Direction') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Direction}) $__cmdletization_queryBuilder.FilterByProperty('Direction', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Action') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Action}) $__cmdletization_queryBuilder.FilterByProperty('Action', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('EdgeTraversalPolicy') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${EdgeTraversalPolicy}) $__cmdletization_queryBuilder.FilterByProperty('EdgeTraversalPolicy', $__cmdletization_values, $false, 'Default') } if ($PSBo ScriptBlock ID: c2ff66aa-ba41-4bbc-a049-da632913939d Path:	4104	1		3	2	15	0	277	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:42 PM	ca610e00-1c3c-0000-5b10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (17 of 21): ilter') -and (@('ByAssociatedNetFirewallServiceFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallServiceFilter}, 'MSFT_NetFirewallRuleFilterByService', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallProfile') -and (@('ByAssociatedNetFirewallProfile') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallProfile}, 'MSFT_NetFirewallRuleInProfile', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallApplicationFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallSecurityFilter', 'ByAssociatedNetFirewallServiceFilter', 'ByAssociatedNetFirewallProfile', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallApplicationFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallSecurityFilter', 'ByAssociatedNetFirewallServiceFilter', 'ByAssociatedNetFirewallProfile', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallApplicationFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallSecurityFilter', 'ByAssociatedNetFirewallServiceFilter', 'ByAssociatedNetFirewallProfile', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallApplicationFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallSecurityFilter', 'ByAssociatedNetFirewallServiceFilter', 'ByAssociatedNetFirewallProfile', 'GetAll', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewPolicyStore')) { [object]$__cmdletization_value = ${NewPolicyStore} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewPolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewPolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewGPOSession')) { [object]$__cmdletization_value = ${NewGPOSession} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewGPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewGPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewName')) { [object]$__cmdletization_value = ${NewName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('CloneObject', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Copy-NetFirewallRule' -Alias '*' function Enable-NetFirewallRule { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallRule')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled[]] ${Enabled}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Direction[]] ${Direction}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Action[]] ${Action}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.EdgeTraversal[]] ${EdgeTraversalPolicy}, [Parameter(ParameterSetName='ByQuery')] [Alias('LSM')] [ValidateNotNull()] [bool[]] ${LooseSourceMapping}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${LocalOnlyMapping}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Owner}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetAddressFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallAddressFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetApplicationFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallApplicationFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceTypeFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceTypeFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetProtocolPort ScriptBlock ID: c2ff66aa-ba41-4bbc-a049-da632913939d Path:	4104	1		3	2	15	0	276	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:42 PM	ca610e00-1c3c-0000-5b10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (16 of 21): Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Enabled') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Enabled}) $__cmdletization_queryBuilder.FilterByProperty('Enabled', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Direction') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Direction}) $__cmdletization_queryBuilder.FilterByProperty('Direction', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Action') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Action}) $__cmdletization_queryBuilder.FilterByProperty('Action', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('EdgeTraversalPolicy') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${EdgeTraversalPolicy}) $__cmdletization_queryBuilder.FilterByProperty('EdgeTraversalPolicy', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('LooseSourceMapping') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${LooseSourceMapping}) $__cmdletization_queryBuilder.FilterByProperty('LooseSourceMapping', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('LocalOnlyMapping') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${LocalOnlyMapping}) $__cmdletization_queryBuilder.FilterByProperty('LocalOnlyMapping', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Owner') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Owner}) $__cmdletization_queryBuilder.FilterByProperty('Owner', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallAddressFilter') -and (@('ByAssociatedNetFirewallAddressFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallAddressFilter}, 'MSFT_NetFirewallRuleFilterByAddress', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallApplicationFilter') -and (@('ByAssociatedNetFirewallApplicationFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallApplicationFilter}, 'MSFT_NetFirewallRuleFilterByApplication', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceFilter') -and (@('ByAssociatedNetFirewallInterfaceFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceFilter}, 'MSFT_NetFirewallRuleFilterByInterface', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceTypeFilter') -and (@('ByAssociatedNetFirewallInterfaceTypeFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceTypeFilter}, 'MSFT_NetFirewallRuleFilterByInterfaceType', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallPortFilter') -and (@('ByAssociatedNetFirewallPortFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallPortFilter}, 'MSFT_NetFirewallRuleFilterByProtocolPort', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallSecurityFilter') -and (@('ByAssociatedNetFirewallSecurityFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallSecurityFilter}, 'MSFT_NetFirewallRuleFilterBySecurity', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallServiceF ScriptBlock ID: c2ff66aa-ba41-4bbc-a049-da632913939d Path:	4104	1		3	2	15	0	275	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:42 PM	ca610e00-1c3c-0000-5b10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (15 of 21): ation_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Rename-NetFirewallRule' -Alias '*' function Copy-NetFirewallRule { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallRule')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled[]] ${Enabled}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Direction[]] ${Direction}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Action[]] ${Action}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.EdgeTraversal[]] ${EdgeTraversalPolicy}, [Parameter(ParameterSetName='ByQuery')] [Alias('LSM')] [ValidateNotNull()] [bool[]] ${LooseSourceMapping}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${LocalOnlyMapping}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Owner}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetAddressFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallAddressFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetApplicationFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallApplicationFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceTypeFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceTypeFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetProtocolPortFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallPortFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetNetworkLayerSecurityFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallSecurityFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetServiceFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallServiceFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallProfile')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallProfile}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetFirewallRule')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewPolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewGPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [ ScriptBlock ID: c2ff66aa-ba41-4bbc-a049-da632913939d Path:	4104	1		3	2	15	0	274	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:42 PM	ca610e00-1c3c-0000-5b10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (14 of 21): ilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Enabled') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Enabled}) $__cmdletization_queryBuilder.FilterByProperty('Enabled', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Direction') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Direction}) $__cmdletization_queryBuilder.FilterByProperty('Direction', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Action') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Action}) $__cmdletization_queryBuilder.FilterByProperty('Action', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('EdgeTraversalPolicy') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${EdgeTraversalPolicy}) $__cmdletization_queryBuilder.FilterByProperty('EdgeTraversalPolicy', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('LooseSourceMapping') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${LooseSourceMapping}) $__cmdletization_queryBuilder.FilterByProperty('LooseSourceMapping', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('LocalOnlyMapping') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${LocalOnlyMapping}) $__cmdletization_queryBuilder.FilterByProperty('LocalOnlyMapping', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Owner') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Owner}) $__cmdletization_queryBuilder.FilterByProperty('Owner', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallAddressFilter') -and (@('ByAssociatedNetFirewallAddressFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallAddressFilter}, 'MSFT_NetFirewallRuleFilterByAddress', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallApplicationFilter') -and (@('ByAssociatedNetFirewallApplicationFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallApplicationFilter}, 'MSFT_NetFirewallRuleFilterByApplication', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceFilter') -and (@('ByAssociatedNetFirewallInterfaceFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceFilter}, 'MSFT_NetFirewallRuleFilterByInterface', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceTypeFilter') -and (@('ByAssociatedNetFirewallInterfaceTypeFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceTypeFilter}, 'MSFT_NetFirewallRuleFilterByInterfaceType', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallPortFilter') -and (@('ByAssociatedNetFirewallPortFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallPortFilter}, 'MSFT_NetFirewallRuleFilterByProtocolPort', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallSecurityFilter') -and (@('ByAssociatedNetFirewallSecurityFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallSecurityFilter}, 'MSFT_NetFirewallRuleFilterBySecurity', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallServiceFilter') -and (@('ByAssociatedNetFirewallServiceFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallServiceFilter}, 'MSFT_NetFirewallRuleFilterByService', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallProfile') -and (@('ByAssociatedNetFirewallProfile') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallProfile}, 'MSFT_NetFirewallRuleInProfile', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallApplicationFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallSecurityFilter', 'ByAssociatedNetFirewallServiceFilter', 'ByAssociatedNetFirewallProfile', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallApplicationFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallSecurityFilter', 'ByAssociatedNetFirewallServiceFilter', 'ByAssociatedNetFirewallProfile', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallApplicationFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallSecurityFilter', 'ByAssociatedNetFirewallServiceFilter', 'ByAssociatedNetFirewallProfile', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallApplicationFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallSecurityFilter', 'ByAssociatedNetFirewallServiceFilter', 'ByAssociatedNetFirewallProfile', 'GetAll', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewName')) { [object]$__cmdletization_value = ${NewName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Rename', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletiz ScriptBlock ID: c2ff66aa-ba41-4bbc-a049-da632913939d Path:	4104	1		3	2	15	0	273	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:42 PM	ca610e00-1c3c-0000-5b10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (13 of 21): rosoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceTypeFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceTypeFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetProtocolPortFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallPortFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetNetworkLayerSecurityFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallSecurityFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetServiceFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallServiceFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallProfile')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallProfile}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetFirewallRule')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName', Mandatory=$true)] [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [Parameter(ParameterSetName='ByQuery', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter', Mandatory=$true)] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile', Mandatory=$true)] [Parameter(ParameterSetName='GetAll', Mandatory=$true)] [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true)] [string] ${NewName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBu ScriptBlock ID: c2ff66aa-ba41-4bbc-a049-da632913939d Path:	4104	1		3	2	15	0	272	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:42 PM	ca610e00-1c3c-0000-5b10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (12 of 21): ') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallAddressFilter') -and (@('ByAssociatedNetFirewallAddressFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallAddressFilter}, 'MSFT_NetFirewallRuleFilterByAddress', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallApplicationFilter') -and (@('ByAssociatedNetFirewallApplicationFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallApplicationFilter}, 'MSFT_NetFirewallRuleFilterByApplication', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceFilter') -and (@('ByAssociatedNetFirewallInterfaceFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceFilter}, 'MSFT_NetFirewallRuleFilterByInterface', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceTypeFilter') -and (@('ByAssociatedNetFirewallInterfaceTypeFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceTypeFilter}, 'MSFT_NetFirewallRuleFilterByInterfaceType', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallPortFilter') -and (@('ByAssociatedNetFirewallPortFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallPortFilter}, 'MSFT_NetFirewallRuleFilterByProtocolPort', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallSecurityFilter') -and (@('ByAssociatedNetFirewallSecurityFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallSecurityFilter}, 'MSFT_NetFirewallRuleFilterBySecurity', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallServiceFilter') -and (@('ByAssociatedNetFirewallServiceFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallServiceFilter}, 'MSFT_NetFirewallRuleFilterByService', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallProfile') -and (@('ByAssociatedNetFirewallProfile') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallProfile}, 'MSFT_NetFirewallRuleInProfile', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallApplicationFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallSecurityFilter', 'ByAssociatedNetFirewallServiceFilter', 'ByAssociatedNetFirewallProfile', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallApplicationFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallSecurityFilter', 'ByAssociatedNetFirewallServiceFilter', 'ByAssociatedNetFirewallProfile', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallApplicationFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallSecurityFilter', 'ByAssociatedNetFirewallServiceFilter', 'ByAssociatedNetFirewallProfile', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallApplicationFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallSecurityFilter', 'ByAssociatedNetFirewallServiceFilter', 'ByAssociatedNetFirewallProfile', 'GetAll', 'InputObject (cdxml)') -contains $_ } { $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:DeleteInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Remove-NetFirewallRule' -Alias '*' function Rename-NetFirewallRule { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallRule')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled[]] ${Enabled}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Direction[]] ${Direction}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Action[]] ${Action}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.EdgeTraversal[]] ${EdgeTraversalPolicy}, [Parameter(ParameterSetName='ByQuery')] [Alias('LSM')] [ValidateNotNull()] [bool[]] ${LooseSourceMapping}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${LocalOnlyMapping}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Owner}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetAddressFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallAddressFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetApplicationFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallApplicationFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Mic ScriptBlock ID: c2ff66aa-ba41-4bbc-a049-da632913939d Path:	4104	1		3	2	15	0	271	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:42 PM	ca610e00-1c3c-0000-5b10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (11 of 21): Name('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallProfile')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallProfile}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetFirewallRule')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Enabled') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Enabled}) $__cmdletization_queryBuilder.FilterByProperty('Enabled', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Direction') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Direction}) $__cmdletization_queryBuilder.FilterByProperty('Direction', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Action') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Action}) $__cmdletization_queryBuilder.FilterByProperty('Action', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('EdgeTraversalPolicy') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${EdgeTraversalPolicy}) $__cmdletization_queryBuilder.FilterByProperty('EdgeTraversalPolicy', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('LooseSourceMapping') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${LooseSourceMapping}) $__cmdletization_queryBuilder.FilterByProperty('LooseSourceMapping', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('LocalOnlyMapping') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${LocalOnlyMapping}) $__cmdletization_queryBuilder.FilterByProperty('LocalOnlyMapping', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Owner') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Owner}) $__cmdletization_queryBuilder.FilterByProperty('Owner', $__cmdletization_values, $true, 'Default ScriptBlock ID: c2ff66aa-ba41-4bbc-a049-da632913939d Path:	4104	1		3	2	15	0	270	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:42 PM	ca610e00-1c3c-0000-5b10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (10 of 21): s = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemoteUser')) { [object]$__cmdletization_value = ${RemoteUser} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemoteUser'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemoteUser'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemoteMachine')) { [object]$__cmdletization_value = ${RemoteMachine} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemoteMachine'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemoteMachine'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Authentication')) { [object]$__cmdletization_value = ${Authentication} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Authentication'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Authentication'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Authentication'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Authentication'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Encryption')) { [object]$__cmdletization_value = ${Encryption} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Encryption'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Encryption'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Encryption'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Encryption'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('OverrideBlockRules')) { [object]$__cmdletization_value = ${OverrideBlockRules} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:OverrideBlockRules'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:OverrideBlockRules'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetFirewallRule' -Alias '*' function Remove-NetFirewallRule { [CmdletBinding(DefaultParameterSetName='GetAll', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallRule')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled[]] ${Enabled}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Direction[]] ${Direction}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Action[]] ${Action}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.EdgeTraversal[]] ${EdgeTraversalPolicy}, [Parameter(ParameterSetName='ByQuery')] [Alias('LSM')] [ValidateNotNull()] [bool[]] ${LooseSourceMapping}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [bool[]] ${LocalOnlyMapping}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Owner}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetAddressFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallAddressFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetApplicationFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallApplicationFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceTypeFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceTypeFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetProtocolPortFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallPortFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetNetworkLayerSecurityFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallSecurityFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetServiceFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallServiceFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile', Mandatory=$true, ValueFromPipeline=$true)] [PSType ScriptBlock ID: c2ff66aa-ba41-4bbc-a049-da632913939d Path:	4104	1		3	2	15	0	269	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:42 PM	ca610e00-1c3c-0000-5b10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (9 of 21): ion_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:LocalAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemoteAddress')) { [object]$__cmdletization_value = ${RemoteAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemoteAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemoteAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Protocol')) { [object]$__cmdletization_value = ${Protocol} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Protocol'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Protocol'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LocalPort')) { [object]$__cmdletization_value = ${LocalPort} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:LocalPort'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:LocalPort'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemotePort')) { [object]$__cmdletization_value = ${RemotePort} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemotePort'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemotePort'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IcmpType')) { [object]$__cmdletization_value = ${IcmpType} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:IcmpType'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:IcmpType'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DynamicTarget')) { [object]$__cmdletization_value = ${DynamicTarget} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:DynamicTransport'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.DynamicTransport'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:DynamicTransport'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.DynamicTransport'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Program')) { [object]$__cmdletization_value = ${Program} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Program'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Program'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Package')) { [object]$__cmdletization_value = ${Package} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Package'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Package'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Service')) { [object]$__cmdletization_value = ${Service} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Service'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Service'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('InterfaceAlias')) { [object]$__cmdletization_value = ${InterfaceAlias} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:InterfaceAlias'; ParameterType = 'System.Management.Automation.WildcardPattern[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:InterfaceAlias'; ParameterType = 'System.Management.Automation.WildcardPattern[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('InterfaceType')) { [object]$__cmdletization_value = ${InterfaceType} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:InterfaceType'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.InterfaceType'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:InterfaceType'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.InterfaceType'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LocalUser')) { [object]$__cmdletization_value = ${LocalUser} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:LocalUser'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:LocalUser'; ParameterType = 'System.String'; Binding ScriptBlock ID: c2ff66aa-ba41-4bbc-a049-da632913939d Path:	4104	1		3	2	15	0	268	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:42 PM	ca610e00-1c3c-0000-5b10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (8 of 21): ion_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByDisplayGroup', 'ByGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByDisplayGroup', 'ByGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByDisplayName', 'ByDisplayGroup', 'ByGroup', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewDisplayName')) { [object]$__cmdletization_value = ${NewDisplayName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Description')) { [object]$__cmdletization_value = ${Description} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Enabled')) { [object]$__cmdletization_value = ${Enabled} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Profile')) { [object]$__cmdletization_value = ${Profile} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Profiles'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Profile'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Profiles'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Profile'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Platform')) { [object]$__cmdletization_value = ${Platform} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Platforms'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Platforms'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Direction')) { [object]$__cmdletization_value = ${Direction} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Direction'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Direction'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Direction'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Direction'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Action')) { [object]$__cmdletization_value = ${Action} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Action'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Action'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Action'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Action'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EdgeTraversalPolicy')) { [object]$__cmdletization_value = ${EdgeTraversalPolicy} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EdgeTraversalPolicy'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.EdgeTraversal'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EdgeTraversalPolicy'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.EdgeTraversal'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LooseSourceMapping')) { [object]$__cmdletization_value = ${LooseSourceMapping} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LooseSourceMapping'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LooseSourceMapping'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LocalOnlyMapping')) { [object]$__cmdletization_value = ${LocalOnlyMapping} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LocalOnlyMapping'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LocalOnlyMapping'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Owner')) { [object]$__cmdletization_value = ${Owner} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Owner'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Owner'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LocalAddress')) { [object]$__cmdletization_value = ${LocalAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:LocalAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletizat ScriptBlock ID: c2ff66aa-ba41-4bbc-a049-da632913939d Path:	4104	1		3	2	15	0	267	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:42 PM	ca610e00-1c3c-0000-5b10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (7 of 21): arameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string[]] ${Platform}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Direction] ${Direction}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Action] ${Action}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.EdgeTraversal] ${EdgeTraversalPolicy}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('LSM')] [bool] ${LooseSourceMapping}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [bool] ${LocalOnlyMapping}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${Owner}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string[]] ${LocalAddress}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string[]] ${RemoteAddress}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${Protocol}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string[]] ${LocalPort}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string[]] ${RemotePort}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string[]] ${IcmpType}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('DynamicTransport')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.DynamicTransport] ${DynamicTarget}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${Program}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${Package}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${Service}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [WildcardPattern[]] ${InterfaceAlias}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.InterfaceType] ${InterfaceType}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${LocalUser}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${RemoteUser}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${RemoteMachine}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Authentication] ${Authentication}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Encryption] ${Encryption}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [bool] ${OverrideBlockRules}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByDisplayGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByGroup') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletizat ScriptBlock ID: c2ff66aa-ba41-4bbc-a049-da632913939d Path:	4104	1		3	2	15	0	266	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:42 PM	ca610e00-1c3c-0000-5b10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (6 of 21): der.FilterByProperty('Enabled', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Direction') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Direction}) $__cmdletization_queryBuilder.FilterByProperty('Direction', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Action') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Action}) $__cmdletization_queryBuilder.FilterByProperty('Action', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('EdgeTraversalPolicy') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${EdgeTraversalPolicy}) $__cmdletization_queryBuilder.FilterByProperty('EdgeTraversalPolicy', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('LooseSourceMapping') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${LooseSourceMapping}) $__cmdletization_queryBuilder.FilterByProperty('LooseSourceMapping', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('LocalOnlyMapping') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${LocalOnlyMapping}) $__cmdletization_queryBuilder.FilterByProperty('LocalOnlyMapping', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Owner') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Owner}) $__cmdletization_queryBuilder.FilterByProperty('Owner', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrimaryStatus}) $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSource}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PolicyStoreSourceType}) $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallAddressFilter') -and (@('ByAssociatedNetFirewallAddressFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallAddressFilter}, 'MSFT_NetFirewallRuleFilterByAddress', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallApplicationFilter') -and (@('ByAssociatedNetFirewallApplicationFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallApplicationFilter}, 'MSFT_NetFirewallRuleFilterByApplication', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceFilter') -and (@('ByAssociatedNetFirewallInterfaceFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceFilter}, 'MSFT_NetFirewallRuleFilterByInterface', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceTypeFilter') -and (@('ByAssociatedNetFirewallInterfaceTypeFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceTypeFilter}, 'MSFT_NetFirewallRuleFilterByInterfaceType', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallPortFilter') -and (@('ByAssociatedNetFirewallPortFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallPortFilter}, 'MSFT_NetFirewallRuleFilterByProtocolPort', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallSecurityFilter') -and (@('ByAssociatedNetFirewallSecurityFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallSecurityFilter}, 'MSFT_NetFirewallRuleFilterBySecurity', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallServiceFilter') -and (@('ByAssociatedNetFirewallServiceFilter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallServiceFilter}, 'MSFT_NetFirewallRuleFilterByService', 'PartComponent', 'GroupComponent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallProfile') -and (@('ByAssociatedNetFirewallProfile') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallProfile}, 'MSFT_NetFirewallRuleInProfile', 'GroupComponent', 'PartComponent', 'Default') } if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('All', ${All}) } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallApplicationFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallSecurityFilter', 'ByAssociatedNetFirewallServiceFilter', 'ByAssociatedNetFirewallProfile', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallApplicationFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallSecurityFilter', 'ByAssociatedNetFirewallServiceFilter', 'ByAssociatedNetFirewallProfile', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallApplicationFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallSecurityFilter', 'ByAssociatedNetFirewallServiceFilter', 'ByAssociatedNetFirewallProfile', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetFirewallRule' -Alias '*' function Set-NetFirewallRule { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallRule')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByDisplayGroup', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByGroup', Mandatory=$true)] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [string] ${GPOSession}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetFirewallRule')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${NewDisplayName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${Description}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled] ${Enabled}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByDisplayGroup')] [Parameter(ParameterSetName='ByGroup')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Profile] ${Profile}, [Parameter(P ScriptBlock ID: c2ff66aa-ba41-4bbc-a049-da632913939d Path:	4104	1		3	2	15	0	265	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:42 PM	ca610e00-1c3c-0000-5b10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 21): [ValidateNotNull()] [bool[]] ${LocalOnlyMapping}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Owner}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]] ${PrimaryStatus}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Status}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${PolicyStoreSource}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]] ${PolicyStoreSourceType}, [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetAddressFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallAddressFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetApplicationFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallApplicationFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceTypeFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallInterfaceTypeFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetProtocolPortFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallPortFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetNetworkLayerSecurityFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallSecurityFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetServiceFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallServiceFilter}, [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallProfile')] [ValidateNotNull()] [ciminstance] ${AssociatedNetFirewallProfile}, [Parameter(ParameterSetName='GetAll')] [switch] ${All}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [string] ${GPOSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [switch] ${TracePolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByDisplayName')] [Parameter(ParameterSetName='ByQuery')] [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallApplicationFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallSecurityFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallServiceFilter')] [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')] [Parameter(ParameterSetName='GetAll')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Description}) $__cmdletization_queryBuilder.FilterByProperty('Description', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayGroup') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayGroup}) $__cmdletization_queryBuilder.FilterByProperty('DisplayGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Group') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Group}) $__cmdletization_queryBuilder.FilterByProperty('RuleGroup', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Enabled') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Enabled}) $__cmdletization_queryBuil ScriptBlock ID: c2ff66aa-ba41-4bbc-a049-da632913939d Path:	4104	1		3	2	15	0	264	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:42 PM	ca610e00-1c3c-0000-5b10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 21): ion_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Authentication')) { [object]$__cmdletization_value = ${Authentication} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Authentication'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Authentication'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Authentication'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Authentication'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Encryption')) { [object]$__cmdletization_value = ${Encryption} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Encryption'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Encryption'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Encryption'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Encryption'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('OverrideBlockRules')) { [object]$__cmdletization_value = ${OverrideBlockRules} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:OverrideBlockRules'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:OverrideBlockRules'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:CreateInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'New-NetFirewallRule' -Alias '*' function Show-NetFirewallRule { [CmdletBinding(PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance[]])][OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/NetSecurityDeepEnumElement')] param( [Parameter(ParameterSetName='EnumerateFull1')] [string] ${PolicyStore}, [Parameter(ParameterSetName='EnumerateFull1')] [string] ${GPOSession}, [Parameter(ParameterSetName='EnumerateFull1')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='EnumerateFull1')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='EnumerateFull1')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PolicyStore')) { [object]$__cmdletization_value = ${PolicyStore} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('GPOSession')) { [object]$__cmdletization_value = ${GPOSession} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:GPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:GPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Dependents'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameter.ParameterTypeName = 'Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/NetSecurityDeepEnumElement' $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('EnumerateFull', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetFirewallRule.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Show-NetFirewallRule' -Alias '*' function Get-NetFirewallRule { [CmdletBinding(DefaultParameterSetName='GetAll', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallRule')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ID')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Description}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${DisplayGroup}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [string[]] ${Group}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled[]] ${Enabled}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Direction[]] ${Direction}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Action[]] ${Action}, [Parameter(ParameterSetName='ByQuery')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.EdgeTraversal[]] ${EdgeTraversalPolicy}, [Parameter(ParameterSetName='ByQuery')] [Alias('LSM')] [ValidateNotNull()] [bool[]] ${LooseSourceMapping}, [Parameter(ParameterSetName='ByQuery')] ScriptBlock ID: c2ff66aa-ba41-4bbc-a049-da632913939d Path:	4104	1		3	2	15	0	263	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:42 PM	ca610e00-1c3c-0000-5b10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 21): $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Protocol'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LocalPort')) { [object]$__cmdletization_value = ${LocalPort} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:LocalPort'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:LocalPort'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemotePort')) { [object]$__cmdletization_value = ${RemotePort} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemotePort'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemotePort'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IcmpType')) { [object]$__cmdletization_value = ${IcmpType} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:IcmpType'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:IcmpType'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DynamicTarget')) { [object]$__cmdletization_value = ${DynamicTarget} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:DynamicTransport'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.DynamicTransport'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:DynamicTransport'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.DynamicTransport'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Program')) { [object]$__cmdletization_value = ${Program} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Program'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Program'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Package')) { [object]$__cmdletization_value = ${Package} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Package'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Package'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Service')) { [object]$__cmdletization_value = ${Service} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Service'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Service'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('InterfaceAlias')) { [object]$__cmdletization_value = ${InterfaceAlias} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:InterfaceAlias'; ParameterType = 'System.Management.Automation.WildcardPattern[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:InterfaceAlias'; ParameterType = 'System.Management.Automation.WildcardPattern[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('InterfaceType')) { [object]$__cmdletization_value = ${InterfaceType} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:InterfaceType'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.InterfaceType'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:InterfaceType'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.InterfaceType'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LocalUser')) { [object]$__cmdletization_value = ${LocalUser} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:LocalUser'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:LocalUser'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemoteUser')) { [object]$__cmdletization_value = ${RemoteUser} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemoteUser'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemoteUser'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemoteMachine')) { [object]$__cmdletization_value = ${RemoteMachine} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemoteMachine'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemoteMachine'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletizat ScriptBlock ID: c2ff66aa-ba41-4bbc-a049-da632913939d Path:	4104	1		3	2	15	0	262	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:42 PM	ca610e00-1c3c-0000-5b10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 21): tion_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Group')) { [object]$__cmdletization_value = ${Group} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RuleGroup'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RuleGroup'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Enabled')) { [object]$__cmdletization_value = ${Enabled} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Profile')) { [object]$__cmdletization_value = ${Profile} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Profiles'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Profile'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Profiles'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Profile'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Platform')) { [object]$__cmdletization_value = ${Platform} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Platforms'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Platforms'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Direction')) { [object]$__cmdletization_value = ${Direction} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Direction'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Direction'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Direction'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Direction'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Action')) { [object]$__cmdletization_value = ${Action} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Action'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Action'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Action'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Action'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EdgeTraversalPolicy')) { [object]$__cmdletization_value = ${EdgeTraversalPolicy} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EdgeTraversalPolicy'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.EdgeTraversal'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EdgeTraversalPolicy'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.EdgeTraversal'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LooseSourceMapping')) { [object]$__cmdletization_value = ${LooseSourceMapping} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LooseSourceMapping'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LooseSourceMapping'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LocalOnlyMapping')) { [object]$__cmdletization_value = ${LocalOnlyMapping} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LocalOnlyMapping'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LocalOnlyMapping'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Owner')) { [object]$__cmdletization_value = ${Owner} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Owner'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Owner'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LocalAddress')) { [object]$__cmdletization_value = ${LocalAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:LocalAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:LocalAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemoteAddress')) { [object]$__cmdletization_value = ${RemoteAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemoteAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:RemoteAddress'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Protocol')) { [object]$__cmdletization_value = ${Protocol} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Protocol'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { ScriptBlock ID: c2ff66aa-ba41-4bbc-a049-da632913939d Path:	4104	1		3	2	15	0	261	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:42 PM	ca610e00-1c3c-0000-5b10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 21): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/standardcimv2/MSFT_NetFirewallRule' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function New-NetFirewallRule { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] param( [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${PolicyStore}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${GPOSession}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Alias('ID')] [string] ${Name}, [Parameter(ParameterSetName='cim:CreateInstance0', Mandatory=$true)] [string] ${DisplayName}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${Description}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${Group}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled] ${Enabled}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Profile] ${Profile}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string[]] ${Platform}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Direction] ${Direction}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Action] ${Action}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.EdgeTraversal] ${EdgeTraversalPolicy}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Alias('LSM')] [bool] ${LooseSourceMapping}, [Parameter(ParameterSetName='cim:CreateInstance0')] [bool] ${LocalOnlyMapping}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${Owner}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string[]] ${LocalAddress}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string[]] ${RemoteAddress}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${Protocol}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string[]] ${LocalPort}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string[]] ${RemotePort}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string[]] ${IcmpType}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Alias('DynamicTransport')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.DynamicTransport] ${DynamicTarget}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${Program}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${Package}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${Service}, [Parameter(ParameterSetName='cim:CreateInstance0')] [WildcardPattern[]] ${InterfaceAlias}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.InterfaceType] ${InterfaceType}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${LocalUser}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${RemoteUser}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${RemoteMachine}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Authentication] ${Authentication}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Encryption] ${Encryption}, [Parameter(ParameterSetName='cim:CreateInstance0')] [bool] ${OverrideBlockRules}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='cim:CreateInstance0')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='cim:CreateInstance0')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PolicyStore')) { [object]$__cmdletization_value = ${PolicyStore} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('GPOSession')) { [object]$__cmdletization_value = ${GPOSession} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:GPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:GPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Name')) { [object]$__cmdletization_value = ${Name} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InstanceID'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InstanceID'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisplayName')) { [object]$__cmdletization_value = ${DisplayName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ElementName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Description')) { [object]$__cmdletization_value = ${Description} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Description'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletiza ScriptBlock ID: c2ff66aa-ba41-4bbc-a049-da632913939d Path:	4104	1		3	2	15	0	260	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:42 PM	ca610e00-1c3c-0000-5b10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2017, Michael Eaton <meaton@iforium.com> # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = "Stop" $firewall_profiles = @('Domain', 'Private', 'Public') $params = Parse-Args $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false $profiles = Get-AnsibleParam -obj $params -name "profiles" -type "list" -default @("Domain", "Private", "Public") $state = Get-AnsibleParam -obj $params -name "state" -type "str" -failifempty $true -validateset 'disabled','enabled' $result = @{ changed = $false profiles = $profiles state = $state } if ($PSVersionTable.PSVersion -lt [Version]"5.0") { Fail-Json $result "win_firewall requires Windows Management Framework 5 or higher." } Try { ForEach ($profile in $firewall_profiles) { $currentstate = (Get-NetFirewallProfile -Name $profile).Enabled $result.$profile = @{ enabled = ($currentstate -eq 1) considered = ($profiles -contains $profile) currentstate = $currentstate } if ($profiles -notcontains $profile) { continue } if ($state -eq 'enabled') { if ($currentstate -eq $false) { Set-NetFirewallProfile -name $profile -Enabled true -WhatIf:$check_mode $result.changed = $true $result.$profile.enabled = $true } } else { if ($currentstate -eq $true) { Set-NetFirewallProfile -name $profile -Enabled false -WhatIf:$check_mode $result.changed = $true $result.$profile.enabled = $false } } } } Catch { Fail-Json $result "an error occurred when attempting to change firewall status for profile $profile $($_.Exception.Message)" } Exit-Json $result ScriptBlock ID: 99a38338-668d-4a13-9a5a-d3ca6725dca7 Path:	4104	1		3	2	15	0	259	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	2800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:42 PM	ca610e00-1c3c-0000-5210-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 25c7f3c7-80a1-4ae3-8838-9800922975f5 Path:	4104	1		3	2	15	0	258	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	3596	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:42 PM	ca610e00-1c3c-0000-4f10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 9a1eaf37-c388-4c1f-bb3b-49a054315cdf Path:	4104	1		3	2	15	0	257	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	3596	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:41 PM	ca610e00-1c3c-0000-4010-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): YWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIE1pY2hhZWwgRWF0b24gPG1lYXRvbkBpZm9yaXVtLmNvbT4KIyBHTlUgR2VuZXJhbCBQdWJsaWMgTGljZW5zZSB2My4wKyAoc2VlIENPUFlJTkcgb3IgaHR0cHM6Ly93d3cuZ251Lm9yZy9saWNlbnNlcy9ncGwtMy4wLnR4dCkKCiNSZXF1aXJlcyAtTW9kdWxlIEFuc2libGUuTW9kdWxlVXRpbHMuTGVnYWN5CgokRXJyb3JBY3Rpb25QcmVmZXJlbmNlID0gIlN0b3AiCiRmaXJld2FsbF9wcm9maWxlcyA9IEAoJ0RvbWFpbicsICdQcml2YXRlJywgJ1B1YmxpYycpCgokcGFyYW1zID0gUGFyc2UtQXJncyAkYXJncyAtc3VwcG9ydHNfY2hlY2tfbW9kZSAkdHJ1ZQokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtdHlwZSAiYm9vbCIgLWRlZmF1bHQgJGZhbHNlCgokcHJvZmlsZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAicHJvZmlsZXMiIC10eXBlICJsaXN0IiAtZGVmYXVsdCBAKCJEb21haW4iLCAiUHJpdmF0ZSIsICJQdWJsaWMiKQokc3RhdGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RhdGUiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZSAtdmFsaWRhdGVzZXQgJ2Rpc2FibGVkJywnZW5hYmxlZCcKCiRyZXN1bHQgPSBAewogICAgY2hhbmdlZCA9ICRmYWxzZQogICAgcHJvZmlsZXMgPSAkcHJvZmlsZXMKICAgIHN0YXRlID0gJHN0YXRlCn0KCmlmICgkUFNWZXJzaW9uVGFibGUuUFNWZXJzaW9uIC1sdCBbVmVyc2lvbl0iNS4wIikgewogICAgRmFpbC1Kc29uICRyZXN1bHQgIndpbl9maXJld2FsbCByZXF1aXJlcyBXaW5kb3dzIE1hbmFnZW1lbnQgRnJhbWV3b3JrIDUgb3IgaGlnaGVyLiIKfQoKVHJ5IHsKCiAgICBGb3JFYWNoICgkcHJvZmlsZSBpbiAkZmlyZXdhbGxfcHJvZmlsZXMpIHsKCiAgICAgICAgJGN1cnJlbnRzdGF0ZSA9IChHZXQtTmV0RmlyZXdhbGxQcm9maWxlIC1OYW1lICRwcm9maWxlKS5FbmFibGVkCiAgICAgICAgJHJlc3VsdC4kcHJvZmlsZSA9IEB7CiAgICAgICAgICAgIGVuYWJsZWQgPSAoJGN1cnJlbnRzdGF0ZSAtZXEgMSkKICAgICAgICAgICAgY29uc2lkZXJlZCA9ICgkcHJvZmlsZXMgLWNvbnRhaW5zICRwcm9maWxlKQogICAgICAgICAgICBjdXJyZW50c3RhdGUgPSAkY3VycmVudHN0YXRlCiAgICAgICAgfQoKICAgICAgICBpZiAoJHByb2ZpbGVzIC1ub3Rjb250YWlucyAkcHJvZmlsZSkgewogICAgICAgICAgICBjb250aW51ZQogICAgICAgIH0KCiAgICAgICAgaWYgKCRzdGF0ZSAtZXEgJ2VuYWJsZWQnKSB7CgogICAgICAgICAgICBpZiAoJGN1cnJlbnRzdGF0ZSAtZXEgJGZhbHNlKSB7CiAgICAgICAgICAgICAgICBTZXQtTmV0RmlyZXdhbGxQcm9maWxlIC1uYW1lICRwcm9maWxlIC1FbmFibGVkIHRydWUgLVdoYXRJZjokY2hlY2tfbW9kZQogICAgICAgICAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgICAgICAgICAgICAgICRyZXN1bHQuJHByb2ZpbGUuZW5hYmxlZCA9ICR0cnVlCiAgICAgICAgICAgIH0KCiAgICAgICAgfSBlbHNlIHsKCiAgICAgICAgICAgIGlmICgkY3VycmVudHN0YXRlIC1lcSAkdHJ1ZSkgewogICAgICAgICAgICAgICAgU2V0LU5ldEZpcmV3YWxsUHJvZmlsZSAtbmFtZSAkcHJvZmlsZSAtRW5hYmxlZCBmYWxzZSAtV2hhdElmOiRjaGVja19tb2RlCiAgICAgICAgICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgICAgICAgICAgICAgJHJlc3VsdC4kcHJvZmlsZS5lbmFibGVkID0gJGZhbHNlCiAgICAgICAgICAgIH0KCiAgICAgICAgfQogICAgfQp9IENhdGNoIHsKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJhbiBlcnJvciBvY2N1cnJlZCB3aGVuIGF0dGVtcHRpbmcgdG8gY2hhbmdlIGZpcmV3YWxsIHN0YXR1cyBmb3IgcHJvZmlsZSAkcHJvZmlsZSAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKfQoKRXhpdC1Kc29uICRyZXN1bHQK", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_firewall", "_ansible_remote_tmp": "%TEMP%", "_ansible_verbosity": 4, "profiles": ["Domain", "Private", "Public"], "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "state": "disabled", "_ansible_diff": false, "_ansible_keep_remote_files": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 1fd38818-1d31-47e2-94dc-61d873426b13 Path:	4104	1		3	2	15	0	256	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	3596	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:41 PM	ca610e00-1c3c-0003-db0f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBm ScriptBlock ID: 1fd38818-1d31-47e2-94dc-61d873426b13 Path:	4104	1		3	2	15	0	255	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	3596	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:41 PM	ca610e00-1c3c-0003-db0f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	254	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	3960	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:41 PM	ca610e00-1c3c-0004-a20f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2252 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	253	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	1460	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:41 PM	ca610e00-1c3c-0004-a20f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	252	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2252	3960	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:41 PM	ca610e00-1c3c-0004-a20f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 8ad392e3-ef4e-47e0-aac4-7e2a3e7d62c1 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = ac95076a-180b-4732-ab4f-9c5e6b3ed6c0 Pipeline ID = 5 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = N-H2-828168-2\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	251	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1264	2396	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:40 PM	ca610e00-1c3c-0000-2f10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = "Stop" $params = Parse-Args $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -default $false $_remote_tmp = Get-AnsibleParam $params "_ansible_remote_tmp" -type "path" -default $env:TMP $path = Get-AnsibleParam -obj $params -name "path" -type "path" -failifempty $true -aliases "dest","name" $state = Get-AnsibleParam -obj $params -name "state" -type "str" -validateset "absent","directory","file","touch" # used in template/copy when dest is the path to a dir and source is a file $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" if ((Test-Path -Path $path -PathType Container) -and ($null -ne $original_basename)) { $path = Join-Path -Path $path -ChildPath $original_basename } $result = @{ changed = $false } # Used to delete symlinks as powershell cannot delete broken symlinks $symlink_util = @" using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } } "@ $original_tmp = $env:TMP $env:TMP = $_remote_tmp Add-Type -TypeDefinition $symlink_util $env:TMP = $original_tmp # Used to delete directories and files with logic on handling symbolic links function Remove-File($file, $checkmode) { try { if ($file.Attributes -band [System.IO.FileAttributes]::ReparsePoint) { # Bug with powershell, if you try and delete a symbolic link that is pointing # to an invalid path it will fail, using Win32 API to do this instead if ($file.PSIsContainer) { if (-not $checkmode) { [Ansible.Command.SymLinkHelper]::DeleteDirectory($file.FullName) } } else { if (-not $checkmode) { [Ansible.Command.SymlinkHelper]::DeleteFile($file.FullName) } } } elseif ($file.PSIsContainer) { Remove-Directory -directory $file -checkmode $checkmode } else { Remove-Item -LiteralPath $file.FullName -Force -WhatIf:$checkmode } } catch [Exception] { Fail-Json $result "Failed to delete $($file.FullName): $($_.Exception.Message)" } } function Remove-Directory($directory, $checkmode) { foreach ($file in Get-ChildItem $directory.FullName) { Remove-File -file $file -checkmode $checkmode } Remove-Item -LiteralPath $directory.FullName -Force -Recurse -WhatIf:$checkmode } if ($state -eq "touch") { if (Test-Path -LiteralPath $path) { if (-not $check_mode) { (Get-ChildItem -LiteralPath $path).LastWriteTime = Get-Date } $result.changed = $true } else { Write-Output $null | Out-File -LiteralPath $path -Encoding ASCII -WhatIf:$check_mode $result.changed = $true } } if (Test-Path -LiteralPath $path) { $fileinfo = Get-Item -LiteralPath $path if ($state -eq "absent") { Remove-File -file $fileinfo -checkmode $check_mode $result.changed = $true } else { if ($state -eq "directory" -and -not $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a directory" } if ($state -eq "file" -and $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a file" } } } else { # If state is not supplied, test the $path to see if it looks like # a file or a folder and set state to file or folder if ($state -eq $null) { $basename = Split-Path -Path $path -Leaf if ($basename.length -gt 0) { $state = "file" } else { $state = "directory" } } if ($state -eq "directory") { try { New-Item -Path $path -ItemType Directory -WhatIf:$check_mode | Out-Null } catch { if ($_.CategoryInfo.Category -eq "ResourceExists") { $fileinfo = Get-Item -LiteralPath $_.CategoryInfo.TargetName if ($state -eq "directory" -and -not $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a directory" } } else { Fail-Json $result $_.Exception.Message } } $result.changed = $true } elseif ($state -eq "file") { Fail-Json $result "path $path will not be created" } } Exit-Json $result ScriptBlock ID: 64a44277-10dc-4432-885a-c3d1c560183b Path:	4104	1		3	2	15	0	250	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1264	2396	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:40 PM	ca610e00-1c3c-0000-2010-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 9bcee93d-aa31-4094-84f4-c7c2fc836fec Path:	4104	1		3	2	15	0	249	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1264	2764	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:40 PM	ca610e00-1c3c-0005-6f10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 3a71a714-a93c-43ec-8f36-df624b33f505 Path:	4104	1		3	2	15	0	248	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1264	2764	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:40 PM	ca610e00-1c3c-0005-6010-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): Wxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKCiRFcnJvckFjdGlvblByZWZlcmVuY2UgPSAiU3RvcCIKCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCgokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtZGVmYXVsdCAkZmFsc2UKJF9yZW1vdGVfdG1wID0gR2V0LUFuc2libGVQYXJhbSAkcGFyYW1zICJfYW5zaWJsZV9yZW1vdGVfdG1wIiAtdHlwZSAicGF0aCIgLWRlZmF1bHQgJGVudjpUTVAKCiRwYXRoID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInBhdGgiIC10eXBlICJwYXRoIiAtZmFpbGlmZW1wdHkgJHRydWUgLWFsaWFzZXMgImRlc3QiLCJuYW1lIgokc3RhdGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RhdGUiIC10eXBlICJzdHIiIC12YWxpZGF0ZXNldCAiYWJzZW50IiwiZGlyZWN0b3J5IiwiZmlsZSIsInRvdWNoIgoKIyB1c2VkIGluIHRlbXBsYXRlL2NvcHkgd2hlbiBkZXN0IGlzIHRoZSBwYXRoIHRvIGEgZGlyIGFuZCBzb3VyY2UgaXMgYSBmaWxlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCmlmICgoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBDb250YWluZXIpIC1hbmQgKCRudWxsIC1uZSAkb3JpZ2luYWxfYmFzZW5hbWUpKSB7CiAgICAkcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkcGF0aCAtQ2hpbGRQYXRoICRvcmlnaW5hbF9iYXNlbmFtZQp9CgokcmVzdWx0ID0gQHsKICAgIGNoYW5nZWQgPSAkZmFsc2UKfQoKIyBVc2VkIHRvIGRlbGV0ZSBzeW1saW5rcyBhcyBwb3dlcnNoZWxsIGNhbm5vdCBkZWxldGUgYnJva2VuIHN5bWxpbmtzCiRzeW1saW5rX3V0aWwgPSBAIgp1c2luZyBTeXN0ZW07CnVzaW5nIFN5c3RlbS5Db21wb25lbnRNb2RlbDsKdXNpbmcgU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzOwoKbmFtZXNwYWNlIEFuc2libGUuQ29tbWFuZCB7CiAgICBwdWJsaWMgY2xhc3MgU3ltTGlua0hlbHBlciB7CiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgQ2hhclNldD1DaGFyU2V0LlVuaWNvZGUsIFNldExhc3RFcnJvcj10cnVlKV0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4dGVybiBib29sIERlbGV0ZUZpbGVXKHN0cmluZyBscEZpbGVOYW1lKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgQ2hhclNldD1DaGFyU2V0LlVuaWNvZGUsIFNldExhc3RFcnJvcj10cnVlKV0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4dGVybiBib29sIFJlbW92ZURpcmVjdG9yeVcoc3RyaW5nIGxwUGF0aE5hbWUpOwoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgRGVsZXRlRGlyZWN0b3J5KHN0cmluZyBwYXRoKSB7CiAgICAgICAgICAgIGlmICghUmVtb3ZlRGlyZWN0b3J5VyhwYXRoKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiUmVtb3ZlRGlyZWN0b3J5Vyh7MH0pIGZhaWxlZDogezF9IiwgcGF0aCwgbmV3IFdpbjMyRXhjZXB0aW9uKE1hcnNoYWwuR2V0TGFzdFdpbjMyRXJyb3IoKSkuTWVzc2FnZSkpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyB2b2lkIERlbGV0ZUZpbGUoc3RyaW5nIHBhdGgpIHsKICAgICAgICAgICAgaWYgKCFEZWxldGVGaWxlVyhwYXRoKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiRGVsZXRlRmlsZVcoezB9KSBmYWlsZWQ6IHsxfSIsIHBhdGgsIG5ldyBXaW4zMkV4Y2VwdGlvbihNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCkpLk1lc3NhZ2UpKTsKICAgICAgICB9CiAgICB9Cn0KIkAKJG9yaWdpbmFsX3RtcCA9ICRlbnY6VE1QCiRlbnY6VE1QID0gJF9yZW1vdGVfdG1wCkFkZC1UeXBlIC1UeXBlRGVmaW5pdGlvbiAkc3ltbGlua191dGlsCiRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAoKIyBVc2VkIHRvIGRlbGV0ZSBkaXJlY3RvcmllcyBhbmQgZmlsZXMgd2l0aCBsb2dpYyBvbiBoYW5kbGluZyBzeW1ib2xpYyBsaW5rcwpmdW5jdGlvbiBSZW1vdmUtRmlsZSgkZmlsZSwgJGNoZWNrbW9kZSkgewogICAgdHJ5IHsKICAgICAgICBpZiAoJGZpbGUuQXR0cmlidXRlcyAtYmFuZCBbU3lzdGVtLklPLkZpbGVBdHRyaWJ1dGVzXTo6UmVwYXJzZVBvaW50KSB7CiAgICAgICAgICAgICMgQnVnIHdpdGggcG93ZXJzaGVsbCwgaWYgeW91IHRyeSBhbmQgZGVsZXRlIGEgc3ltYm9saWMgbGluayB0aGF0IGlzIHBvaW50aW5nCiAgICAgICAgICAgICMgdG8gYW4gaW52YWxpZCBwYXRoIGl0IHdpbGwgZmFpbCwgdXNpbmcgV2luMzIgQVBJIHRvIGRvIHRoaXMgaW5zdGVhZAogICAgICAgICAgICBpZiAoJGZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrbW9kZSkgewogICAgICAgICAgICAgICAgICAgIFtBbnNpYmxlLkNvbW1hbmQuU3ltTGlua0hlbHBlcl06OkRlbGV0ZURpcmVjdG9yeSgkZmlsZS5GdWxsTmFtZSkKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgtbm90ICRjaGVja21vZGUpIHsKICAgICAgICAgICAgICAgICAgICBbQW5zaWJsZS5Db21tYW5kLlN5bWxpbmtIZWxwZXJdOjpEZWxldGVGaWxlKCRmaWxlLkZ1bGxOYW1lKQogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgUmVtb3ZlLURpcmVjdG9yeSAtZGlyZWN0b3J5ICRmaWxlIC1jaGVja21vZGUgJGNoZWNrbW9kZQogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIFJlbW92ZS1JdGVtIC1MaXRlcmFsUGF0aCAkZmlsZS5GdWxsTmFtZSAtRm9yY2UgLVdoYXRJZjokY2hlY2ttb2RlCiAgICAgICAgfQogICAgfSBjYXRjaCBbRXhjZXB0aW9uXSB7CiAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgIkZhaWxlZCB0byBkZWxldGUgJCgkZmlsZS5GdWxsTmFtZSk6ICQoJF8uRXhjZXB0aW9uLk1lc3NhZ2UpIgogICAgfQp9CgpmdW5jdGlvbiBSZW1vdmUtRGlyZWN0b3J5KCRkaXJlY3RvcnksICRjaGVja21vZGUpIHsKICAgIGZvcmVhY2ggKCRmaWxlIGluIEdldC1DaGlsZEl0ZW0gJGRpcmVjdG9yeS5GdWxsTmFtZSkgewogICAgICAgIFJlbW92ZS1GaWxlIC1maWxlICRmaWxlIC1jaGVja21vZGUgJGNoZWNrbW9kZQogICAgfQogICAgUmVtb3ZlLUl0ZW0gLUxpdGVyYWxQYXRoICRkaXJlY3RvcnkuRnVsbE5hbWUgLUZvcmNlIC1SZWN1cnNlIC1XaGF0SWY6JGNoZWNrbW9kZQp9CgoKaWYgKCRzdGF0ZSAtZXEgInRvdWNoIikgewogICAgaWYgKFRlc3QtUGF0aCAtTGl0ZXJhbFBhdGggJHBhdGgpIHsKICAgICAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSkgewogICAgICAgICAgICAoR2V0LUNoaWxkSXRlbSAtTGl0ZXJhbFBhdGggJHBhdGgpLkxhc3RXcml0ZVRpbWUgPSBHZXQtRGF0ZQogICAgICAgIH0KICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfSBlbHNlIHsKICAgICAgICBXcml0ZS1PdXRwdXQgJG51bGwgfCBPdXQtRmlsZSAtTGl0ZXJhbFBhdGggJHBhdGggLUVuY29kaW5nIEFTQ0lJIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQp9CgppZiAoVGVzdC1QYXRoIC1MaXRlcmFsUGF0aCAkcGF0aCkgewogICAgJGZpbGVpbmZvID0gR2V0LUl0ZW0gLUxpdGVyYWxQYXRoICRwYXRoCiAgICBpZiAoJHN0YXRlIC1lcSAiYWJzZW50IikgewogICAgICAgIFJlbW92ZS1GaWxlIC1maWxlICRmaWxlaW5mbyAtY2hlY2ttb2RlICRjaGVja19tb2RlCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgaWYgKCRzdGF0ZSAtZXEgImRpcmVjdG9yeSIgLWFuZCAtbm90ICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJwYXRoICRwYXRoIGlzIG5vdCBhIGRpcmVjdG9yeSIKICAgICAgICB9CgogICAgICAgIGlmICgkc3RhdGUgLWVxICJmaWxlIiAtYW5kICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJwYXRoICRwYXRoIGlzIG5vdCBhIGZpbGUiCiAgICAgICAgfQogICAgfQoKfSBlbHNlIHsKCiAgICAjIElmIHN0YXRlIGlzIG5vdCBzdXBwbGllZCwgdGVzdCB0aGUgJHBhdGggdG8gc2VlIGlmIGl0IGxvb2tzIGxpa2UKICAgICMgYSBmaWxlIG9yIGEgZm9sZGVyIGFuZCBzZXQgc3RhdGUgdG8gZmlsZSBvciBmb2xkZXIKICAgIGlmICgkc3RhdGUgLWVxICRudWxsKSB7CiAgICAgICAgJGJhc2VuYW1lID0gU3BsaXQtUGF0aCAtUGF0aCAkcGF0aCAtTGVhZgogICAgICAgIGlmICgkYmFzZW5hbWUubGVuZ3RoIC1ndCAwKSB7CiAgICAgICAgICAgJHN0YXRlID0gImZpbGUiCiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAkc3RhdGUgPSAiZGlyZWN0b3J5IgogICAgICAgIH0KICAgIH0KCiAgICBpZiAoJHN0YXRlIC1lcSAiZGlyZWN0b3J5IikgewogICAgICAgIHRyeSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXRoIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgIGlmICgkXy5DYXRlZ29yeUluZm8uQ2F0ZWdvcnkgLWVxICJSZXNvdXJjZUV4aXN0cyIpIHsKICAgICAgICAgICAgICAgICRmaWxlaW5mbyA9IEdldC1JdGVtIC1MaXRlcmFsUGF0aCAkXy5DYXRlZ29yeUluZm8uVGFyZ2V0TmFtZQogICAgICAgICAgICAgICAgaWYgKCRzdGF0ZSAtZXEgImRpcmVjdG9yeSIgLWFuZCAtbm90ICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgInBhdGggJHBhdGggaXMgbm90IGEgZGlyZWN0b3J5IgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICAgICAgfQogICAgICAgIH0KICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfSBlbHNlaWYgKCRzdGF0ZSAtZXEgImZpbGUiKSB7CiAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgInBhdGggJHBhdGggd2lsbCBub3QgYmUgY3JlYXRlZCIKICAgIH0KCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_syslog_facility": "LOG_USER", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_file", "_ansible_remote_tmp": "%TEMP%", "_ansible_check_mode": false, "_ansible_keep_remote_files": false, "_ansible_verbosity": 4, "_ansible_socket": null, "state": "directory", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "path": "c:\\openstack", "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: eaf3dabb-b8cb-4a3d-b345-cc7bf2ff8344 Path:	4104	1		3	2	15	0	247	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1264	2764	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:39 PM	ca610e00-1c3c-0000-1010-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkY ScriptBlock ID: eaf3dabb-b8cb-4a3d-b345-cc7bf2ff8344 Path:	4104	1		3	2	15	0	246	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1264	2764	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:39 PM	ca610e00-1c3c-0000-1010-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	245	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1264	3788	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:39 PM	ca610e00-1c3c-0003-d20f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1264 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	244	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1264	736	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:39 PM	ca610e00-1c3c-0003-d20f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	243	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1264	3788	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:39 PM	ca610e00-1c3c-0003-d20f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = e3796e6e-7afe-4c87-9519-ba19e9b83921 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = dc41da6a-7357-4a37-926d-1dd32ad398e9 Pipeline ID = 5 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = N-H2-828168-2\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	242	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1700	3132	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:39 PM	ca610e00-1c3c-0004-950f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = "Stop" $params = Parse-Args $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -default $false $_remote_tmp = Get-AnsibleParam $params "_ansible_remote_tmp" -type "path" -default $env:TMP $path = Get-AnsibleParam -obj $params -name "path" -type "path" -failifempty $true -aliases "dest","name" $state = Get-AnsibleParam -obj $params -name "state" -type "str" -validateset "absent","directory","file","touch" # used in template/copy when dest is the path to a dir and source is a file $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" if ((Test-Path -Path $path -PathType Container) -and ($null -ne $original_basename)) { $path = Join-Path -Path $path -ChildPath $original_basename } $result = @{ changed = $false } # Used to delete symlinks as powershell cannot delete broken symlinks $symlink_util = @" using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } } "@ $original_tmp = $env:TMP $env:TMP = $_remote_tmp Add-Type -TypeDefinition $symlink_util $env:TMP = $original_tmp # Used to delete directories and files with logic on handling symbolic links function Remove-File($file, $checkmode) { try { if ($file.Attributes -band [System.IO.FileAttributes]::ReparsePoint) { # Bug with powershell, if you try and delete a symbolic link that is pointing # to an invalid path it will fail, using Win32 API to do this instead if ($file.PSIsContainer) { if (-not $checkmode) { [Ansible.Command.SymLinkHelper]::DeleteDirectory($file.FullName) } } else { if (-not $checkmode) { [Ansible.Command.SymlinkHelper]::DeleteFile($file.FullName) } } } elseif ($file.PSIsContainer) { Remove-Directory -directory $file -checkmode $checkmode } else { Remove-Item -LiteralPath $file.FullName -Force -WhatIf:$checkmode } } catch [Exception] { Fail-Json $result "Failed to delete $($file.FullName): $($_.Exception.Message)" } } function Remove-Directory($directory, $checkmode) { foreach ($file in Get-ChildItem $directory.FullName) { Remove-File -file $file -checkmode $checkmode } Remove-Item -LiteralPath $directory.FullName -Force -Recurse -WhatIf:$checkmode } if ($state -eq "touch") { if (Test-Path -LiteralPath $path) { if (-not $check_mode) { (Get-ChildItem -LiteralPath $path).LastWriteTime = Get-Date } $result.changed = $true } else { Write-Output $null | Out-File -LiteralPath $path -Encoding ASCII -WhatIf:$check_mode $result.changed = $true } } if (Test-Path -LiteralPath $path) { $fileinfo = Get-Item -LiteralPath $path if ($state -eq "absent") { Remove-File -file $fileinfo -checkmode $check_mode $result.changed = $true } else { if ($state -eq "directory" -and -not $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a directory" } if ($state -eq "file" -and $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a file" } } } else { # If state is not supplied, test the $path to see if it looks like # a file or a folder and set state to file or folder if ($state -eq $null) { $basename = Split-Path -Path $path -Leaf if ($basename.length -gt 0) { $state = "file" } else { $state = "directory" } } if ($state -eq "directory") { try { New-Item -Path $path -ItemType Directory -WhatIf:$check_mode | Out-Null } catch { if ($_.CategoryInfo.Category -eq "ResourceExists") { $fileinfo = Get-Item -LiteralPath $_.CategoryInfo.TargetName if ($state -eq "directory" -and -not $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a directory" } } else { Fail-Json $result $_.Exception.Message } } $result.changed = $true } elseif ($state -eq "file") { Fail-Json $result "path $path will not be created" } } Exit-Json $result ScriptBlock ID: 9daa4e1f-044c-42d2-9aca-7ecdcac3553a Path:	4104	1		3	2	15	0	241	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1700	3132	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:39 PM	ca610e00-1c3c-0004-860f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 050c275a-032e-4f3a-8f48-1f5914a7120f Path:	4104	1		3	2	15	0	240	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1700	1400	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:38 PM	ca610e00-1c3c-0001-6d10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 740dd3a5-225b-4798-816e-4b13bc584e1a Path:	4104	1		3	2	15	0	239	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1700	1400	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:38 PM	ca610e00-1c3c-0002-a010-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): wogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKCiRFcnJvckFjdGlvblByZWZlcmVuY2UgPSAiU3RvcCIKCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCgokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtZGVmYXVsdCAkZmFsc2UKJF9yZW1vdGVfdG1wID0gR2V0LUFuc2libGVQYXJhbSAkcGFyYW1zICJfYW5zaWJsZV9yZW1vdGVfdG1wIiAtdHlwZSAicGF0aCIgLWRlZmF1bHQgJGVudjpUTVAKCiRwYXRoID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInBhdGgiIC10eXBlICJwYXRoIiAtZmFpbGlmZW1wdHkgJHRydWUgLWFsaWFzZXMgImRlc3QiLCJuYW1lIgokc3RhdGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RhdGUiIC10eXBlICJzdHIiIC12YWxpZGF0ZXNldCAiYWJzZW50IiwiZGlyZWN0b3J5IiwiZmlsZSIsInRvdWNoIgoKIyB1c2VkIGluIHRlbXBsYXRlL2NvcHkgd2hlbiBkZXN0IGlzIHRoZSBwYXRoIHRvIGEgZGlyIGFuZCBzb3VyY2UgaXMgYSBmaWxlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCmlmICgoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBDb250YWluZXIpIC1hbmQgKCRudWxsIC1uZSAkb3JpZ2luYWxfYmFzZW5hbWUpKSB7CiAgICAkcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkcGF0aCAtQ2hpbGRQYXRoICRvcmlnaW5hbF9iYXNlbmFtZQp9CgokcmVzdWx0ID0gQHsKICAgIGNoYW5nZWQgPSAkZmFsc2UKfQoKIyBVc2VkIHRvIGRlbGV0ZSBzeW1saW5rcyBhcyBwb3dlcnNoZWxsIGNhbm5vdCBkZWxldGUgYnJva2VuIHN5bWxpbmtzCiRzeW1saW5rX3V0aWwgPSBAIgp1c2luZyBTeXN0ZW07CnVzaW5nIFN5c3RlbS5Db21wb25lbnRNb2RlbDsKdXNpbmcgU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzOwoKbmFtZXNwYWNlIEFuc2libGUuQ29tbWFuZCB7CiAgICBwdWJsaWMgY2xhc3MgU3ltTGlua0hlbHBlciB7CiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgQ2hhclNldD1DaGFyU2V0LlVuaWNvZGUsIFNldExhc3RFcnJvcj10cnVlKV0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4dGVybiBib29sIERlbGV0ZUZpbGVXKHN0cmluZyBscEZpbGVOYW1lKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgQ2hhclNldD1DaGFyU2V0LlVuaWNvZGUsIFNldExhc3RFcnJvcj10cnVlKV0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4dGVybiBib29sIFJlbW92ZURpcmVjdG9yeVcoc3RyaW5nIGxwUGF0aE5hbWUpOwoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgRGVsZXRlRGlyZWN0b3J5KHN0cmluZyBwYXRoKSB7CiAgICAgICAgICAgIGlmICghUmVtb3ZlRGlyZWN0b3J5VyhwYXRoKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiUmVtb3ZlRGlyZWN0b3J5Vyh7MH0pIGZhaWxlZDogezF9IiwgcGF0aCwgbmV3IFdpbjMyRXhjZXB0aW9uKE1hcnNoYWwuR2V0TGFzdFdpbjMyRXJyb3IoKSkuTWVzc2FnZSkpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyB2b2lkIERlbGV0ZUZpbGUoc3RyaW5nIHBhdGgpIHsKICAgICAgICAgICAgaWYgKCFEZWxldGVGaWxlVyhwYXRoKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiRGVsZXRlRmlsZVcoezB9KSBmYWlsZWQ6IHsxfSIsIHBhdGgsIG5ldyBXaW4zMkV4Y2VwdGlvbihNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCkpLk1lc3NhZ2UpKTsKICAgICAgICB9CiAgICB9Cn0KIkAKJG9yaWdpbmFsX3RtcCA9ICRlbnY6VE1QCiRlbnY6VE1QID0gJF9yZW1vdGVfdG1wCkFkZC1UeXBlIC1UeXBlRGVmaW5pdGlvbiAkc3ltbGlua191dGlsCiRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAoKIyBVc2VkIHRvIGRlbGV0ZSBkaXJlY3RvcmllcyBhbmQgZmlsZXMgd2l0aCBsb2dpYyBvbiBoYW5kbGluZyBzeW1ib2xpYyBsaW5rcwpmdW5jdGlvbiBSZW1vdmUtRmlsZSgkZmlsZSwgJGNoZWNrbW9kZSkgewogICAgdHJ5IHsKICAgICAgICBpZiAoJGZpbGUuQXR0cmlidXRlcyAtYmFuZCBbU3lzdGVtLklPLkZpbGVBdHRyaWJ1dGVzXTo6UmVwYXJzZVBvaW50KSB7CiAgICAgICAgICAgICMgQnVnIHdpdGggcG93ZXJzaGVsbCwgaWYgeW91IHRyeSBhbmQgZGVsZXRlIGEgc3ltYm9saWMgbGluayB0aGF0IGlzIHBvaW50aW5nCiAgICAgICAgICAgICMgdG8gYW4gaW52YWxpZCBwYXRoIGl0IHdpbGwgZmFpbCwgdXNpbmcgV2luMzIgQVBJIHRvIGRvIHRoaXMgaW5zdGVhZAogICAgICAgICAgICBpZiAoJGZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrbW9kZSkgewogICAgICAgICAgICAgICAgICAgIFtBbnNpYmxlLkNvbW1hbmQuU3ltTGlua0hlbHBlcl06OkRlbGV0ZURpcmVjdG9yeSgkZmlsZS5GdWxsTmFtZSkKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgtbm90ICRjaGVja21vZGUpIHsKICAgICAgICAgICAgICAgICAgICBbQW5zaWJsZS5Db21tYW5kLlN5bWxpbmtIZWxwZXJdOjpEZWxldGVGaWxlKCRmaWxlLkZ1bGxOYW1lKQogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgUmVtb3ZlLURpcmVjdG9yeSAtZGlyZWN0b3J5ICRmaWxlIC1jaGVja21vZGUgJGNoZWNrbW9kZQogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIFJlbW92ZS1JdGVtIC1MaXRlcmFsUGF0aCAkZmlsZS5GdWxsTmFtZSAtRm9yY2UgLVdoYXRJZjokY2hlY2ttb2RlCiAgICAgICAgfQogICAgfSBjYXRjaCBbRXhjZXB0aW9uXSB7CiAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgIkZhaWxlZCB0byBkZWxldGUgJCgkZmlsZS5GdWxsTmFtZSk6ICQoJF8uRXhjZXB0aW9uLk1lc3NhZ2UpIgogICAgfQp9CgpmdW5jdGlvbiBSZW1vdmUtRGlyZWN0b3J5KCRkaXJlY3RvcnksICRjaGVja21vZGUpIHsKICAgIGZvcmVhY2ggKCRmaWxlIGluIEdldC1DaGlsZEl0ZW0gJGRpcmVjdG9yeS5GdWxsTmFtZSkgewogICAgICAgIFJlbW92ZS1GaWxlIC1maWxlICRmaWxlIC1jaGVja21vZGUgJGNoZWNrbW9kZQogICAgfQogICAgUmVtb3ZlLUl0ZW0gLUxpdGVyYWxQYXRoICRkaXJlY3RvcnkuRnVsbE5hbWUgLUZvcmNlIC1SZWN1cnNlIC1XaGF0SWY6JGNoZWNrbW9kZQp9CgoKaWYgKCRzdGF0ZSAtZXEgInRvdWNoIikgewogICAgaWYgKFRlc3QtUGF0aCAtTGl0ZXJhbFBhdGggJHBhdGgpIHsKICAgICAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSkgewogICAgICAgICAgICAoR2V0LUNoaWxkSXRlbSAtTGl0ZXJhbFBhdGggJHBhdGgpLkxhc3RXcml0ZVRpbWUgPSBHZXQtRGF0ZQogICAgICAgIH0KICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfSBlbHNlIHsKICAgICAgICBXcml0ZS1PdXRwdXQgJG51bGwgfCBPdXQtRmlsZSAtTGl0ZXJhbFBhdGggJHBhdGggLUVuY29kaW5nIEFTQ0lJIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQp9CgppZiAoVGVzdC1QYXRoIC1MaXRlcmFsUGF0aCAkcGF0aCkgewogICAgJGZpbGVpbmZvID0gR2V0LUl0ZW0gLUxpdGVyYWxQYXRoICRwYXRoCiAgICBpZiAoJHN0YXRlIC1lcSAiYWJzZW50IikgewogICAgICAgIFJlbW92ZS1GaWxlIC1maWxlICRmaWxlaW5mbyAtY2hlY2ttb2RlICRjaGVja19tb2RlCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgaWYgKCRzdGF0ZSAtZXEgImRpcmVjdG9yeSIgLWFuZCAtbm90ICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJwYXRoICRwYXRoIGlzIG5vdCBhIGRpcmVjdG9yeSIKICAgICAgICB9CgogICAgICAgIGlmICgkc3RhdGUgLWVxICJmaWxlIiAtYW5kICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJwYXRoICRwYXRoIGlzIG5vdCBhIGZpbGUiCiAgICAgICAgfQogICAgfQoKfSBlbHNlIHsKCiAgICAjIElmIHN0YXRlIGlzIG5vdCBzdXBwbGllZCwgdGVzdCB0aGUgJHBhdGggdG8gc2VlIGlmIGl0IGxvb2tzIGxpa2UKICAgICMgYSBmaWxlIG9yIGEgZm9sZGVyIGFuZCBzZXQgc3RhdGUgdG8gZmlsZSBvciBmb2xkZXIKICAgIGlmICgkc3RhdGUgLWVxICRudWxsKSB7CiAgICAgICAgJGJhc2VuYW1lID0gU3BsaXQtUGF0aCAtUGF0aCAkcGF0aCAtTGVhZgogICAgICAgIGlmICgkYmFzZW5hbWUubGVuZ3RoIC1ndCAwKSB7CiAgICAgICAgICAgJHN0YXRlID0gImZpbGUiCiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAkc3RhdGUgPSAiZGlyZWN0b3J5IgogICAgICAgIH0KICAgIH0KCiAgICBpZiAoJHN0YXRlIC1lcSAiZGlyZWN0b3J5IikgewogICAgICAgIHRyeSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXRoIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgIGlmICgkXy5DYXRlZ29yeUluZm8uQ2F0ZWdvcnkgLWVxICJSZXNvdXJjZUV4aXN0cyIpIHsKICAgICAgICAgICAgICAgICRmaWxlaW5mbyA9IEdldC1JdGVtIC1MaXRlcmFsUGF0aCAkXy5DYXRlZ29yeUluZm8uVGFyZ2V0TmFtZQogICAgICAgICAgICAgICAgaWYgKCRzdGF0ZSAtZXEgImRpcmVjdG9yeSIgLWFuZCAtbm90ICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgInBhdGggJHBhdGggaXMgbm90IGEgZGlyZWN0b3J5IgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICAgICAgfQogICAgICAgIH0KICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfSBlbHNlaWYgKCRzdGF0ZSAtZXEgImZpbGUiKSB7CiAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgInBhdGggJHBhdGggd2lsbCBub3QgYmUgY3JlYXRlZCIKICAgIH0KCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_syslog_facility": "LOG_USER", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_file", "_ansible_remote_tmp": "%TEMP%", "_ansible_check_mode": false, "_ansible_keep_remote_files": false, "_ansible_verbosity": 4, "_ansible_socket": null, "state": "directory", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "path": "C:\\ProgramData\\pip", "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: cd274823-3c7a-4bcf-b26e-f9bfc51fa148 Path:	4104	1		3	2	15	0	238	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1700	1400	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:38 PM	ca610e00-1c3c-0001-6610-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAge ScriptBlock ID: cd274823-3c7a-4bcf-b26e-f9bfc51fa148 Path:	4104	1		3	2	15	0	237	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1700	1400	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:38 PM	ca610e00-1c3c-0001-6610-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	236	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1700	2960	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:38 PM	ca610e00-1c3c-0004-850f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1700 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	235	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1700	3980	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:38 PM	ca610e00-1c3c-0004-850f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	234	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1700	2960	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:38 PM	ca610e00-1c3c-0004-850f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = dd0b0658-c287-43b9-990e-b01bb6db2492 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = f5edf90d-00f0-4873-934b-9f06f4989506 Pipeline ID = 5 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = N-H2-828168-2\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	233	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1252	3160	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:38 PM	ca610e00-1c3c-0003-c60f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = "Stop" $params = Parse-Args $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -default $false $_remote_tmp = Get-AnsibleParam $params "_ansible_remote_tmp" -type "path" -default $env:TMP $path = Get-AnsibleParam -obj $params -name "path" -type "path" -failifempty $true -aliases "dest","name" $state = Get-AnsibleParam -obj $params -name "state" -type "str" -validateset "absent","directory","file","touch" # used in template/copy when dest is the path to a dir and source is a file $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" if ((Test-Path -Path $path -PathType Container) -and ($null -ne $original_basename)) { $path = Join-Path -Path $path -ChildPath $original_basename } $result = @{ changed = $false } # Used to delete symlinks as powershell cannot delete broken symlinks $symlink_util = @" using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } } "@ $original_tmp = $env:TMP $env:TMP = $_remote_tmp Add-Type -TypeDefinition $symlink_util $env:TMP = $original_tmp # Used to delete directories and files with logic on handling symbolic links function Remove-File($file, $checkmode) { try { if ($file.Attributes -band [System.IO.FileAttributes]::ReparsePoint) { # Bug with powershell, if you try and delete a symbolic link that is pointing # to an invalid path it will fail, using Win32 API to do this instead if ($file.PSIsContainer) { if (-not $checkmode) { [Ansible.Command.SymLinkHelper]::DeleteDirectory($file.FullName) } } else { if (-not $checkmode) { [Ansible.Command.SymlinkHelper]::DeleteFile($file.FullName) } } } elseif ($file.PSIsContainer) { Remove-Directory -directory $file -checkmode $checkmode } else { Remove-Item -LiteralPath $file.FullName -Force -WhatIf:$checkmode } } catch [Exception] { Fail-Json $result "Failed to delete $($file.FullName): $($_.Exception.Message)" } } function Remove-Directory($directory, $checkmode) { foreach ($file in Get-ChildItem $directory.FullName) { Remove-File -file $file -checkmode $checkmode } Remove-Item -LiteralPath $directory.FullName -Force -Recurse -WhatIf:$checkmode } if ($state -eq "touch") { if (Test-Path -LiteralPath $path) { if (-not $check_mode) { (Get-ChildItem -LiteralPath $path).LastWriteTime = Get-Date } $result.changed = $true } else { Write-Output $null | Out-File -LiteralPath $path -Encoding ASCII -WhatIf:$check_mode $result.changed = $true } } if (Test-Path -LiteralPath $path) { $fileinfo = Get-Item -LiteralPath $path if ($state -eq "absent") { Remove-File -file $fileinfo -checkmode $check_mode $result.changed = $true } else { if ($state -eq "directory" -and -not $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a directory" } if ($state -eq "file" -and $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a file" } } } else { # If state is not supplied, test the $path to see if it looks like # a file or a folder and set state to file or folder if ($state -eq $null) { $basename = Split-Path -Path $path -Leaf if ($basename.length -gt 0) { $state = "file" } else { $state = "directory" } } if ($state -eq "directory") { try { New-Item -Path $path -ItemType Directory -WhatIf:$check_mode | Out-Null } catch { if ($_.CategoryInfo.Category -eq "ResourceExists") { $fileinfo = Get-Item -LiteralPath $_.CategoryInfo.TargetName if ($state -eq "directory" -and -not $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a directory" } } else { Fail-Json $result $_.Exception.Message } } $result.changed = $true } elseif ($state -eq "file") { Fail-Json $result "path $path will not be created" } } Exit-Json $result ScriptBlock ID: c94c0317-8f44-4c8c-a362-47efd8b6d722 Path:	4104	1		3	2	15	0	232	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1252	3160	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:37 PM	ca610e00-1c3c-0003-b70f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 3318482d-9dea-45a3-948e-e1e02c56ec94 Path:	4104	1		3	2	15	0	231	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1252	3580	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:37 PM	ca610e00-1c3c-0003-b60f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: ccd378c5-503a-4b57-9ebb-d8af0e6c11b5 Path:	4104	1		3	2	15	0	230	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1252	3580	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:37 PM	ca610e00-1c3c-0003-a70f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): es a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 987635d3-5961-43d6-a25a-c766d16195e1 Path:	4104	1		3	2	15	0	229	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1252	3580	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:37 PM	ca610e00-1c3c-0003-a10f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKCiRFcnJvckFjdGlvblByZWZlcmVuY2UgPSAiU3RvcCIKCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCgokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtZGVmYXVsdCAkZmFsc2UKJF9yZW1vdGVfdG1wID0gR2V0LUFuc2libGVQYXJhbSAkcGFyYW1zICJfYW5zaWJsZV9yZW1vdGVfdG1wIiAtdHlwZSAicGF0aCIgLWRlZmF1bHQgJGVudjpUTVAKCiRwYXRoID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInBhdGgiIC10eXBlICJwYXRoIiAtZmFpbGlmZW1wdHkgJHRydWUgLWFsaWFzZXMgImRlc3QiLCJuYW1lIgokc3RhdGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RhdGUiIC10eXBlICJzdHIiIC12YWxpZGF0ZXNldCAiYWJzZW50IiwiZGlyZWN0b3J5IiwiZmlsZSIsInRvdWNoIgoKIyB1c2VkIGluIHRlbXBsYXRlL2NvcHkgd2hlbiBkZXN0IGlzIHRoZSBwYXRoIHRvIGEgZGlyIGFuZCBzb3VyY2UgaXMgYSBmaWxlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCmlmICgoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBDb250YWluZXIpIC1hbmQgKCRudWxsIC1uZSAkb3JpZ2luYWxfYmFzZW5hbWUpKSB7CiAgICAkcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkcGF0aCAtQ2hpbGRQYXRoICRvcmlnaW5hbF9iYXNlbmFtZQp9CgokcmVzdWx0ID0gQHsKICAgIGNoYW5nZWQgPSAkZmFsc2UKfQoKIyBVc2VkIHRvIGRlbGV0ZSBzeW1saW5rcyBhcyBwb3dlcnNoZWxsIGNhbm5vdCBkZWxldGUgYnJva2VuIHN5bWxpbmtzCiRzeW1saW5rX3V0aWwgPSBAIgp1c2luZyBTeXN0ZW07CnVzaW5nIFN5c3RlbS5Db21wb25lbnRNb2RlbDsKdXNpbmcgU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzOwoKbmFtZXNwYWNlIEFuc2libGUuQ29tbWFuZCB7CiAgICBwdWJsaWMgY2xhc3MgU3ltTGlua0hlbHBlciB7CiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgQ2hhclNldD1DaGFyU2V0LlVuaWNvZGUsIFNldExhc3RFcnJvcj10cnVlKV0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4dGVybiBib29sIERlbGV0ZUZpbGVXKHN0cmluZyBscEZpbGVOYW1lKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgQ2hhclNldD1DaGFyU2V0LlVuaWNvZGUsIFNldExhc3RFcnJvcj10cnVlKV0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4dGVybiBib29sIFJlbW92ZURpcmVjdG9yeVcoc3RyaW5nIGxwUGF0aE5hbWUpOwoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgRGVsZXRlRGlyZWN0b3J5KHN0cmluZyBwYXRoKSB7CiAgICAgICAgICAgIGlmICghUmVtb3ZlRGlyZWN0b3J5VyhwYXRoKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiUmVtb3ZlRGlyZWN0b3J5Vyh7MH0pIGZhaWxlZDogezF9IiwgcGF0aCwgbmV3IFdpbjMyRXhjZXB0aW9uKE1hcnNoYWwuR2V0TGFzdFdpbjMyRXJyb3IoKSkuTWVzc2FnZSkpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyB2b2lkIERlbGV0ZUZpbGUoc3RyaW5nIHBhdGgpIHsKICAgICAgICAgICAgaWYgKCFEZWxldGVGaWxlVyhwYXRoKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiRGVsZXRlRmlsZVcoezB9KSBmYWlsZWQ6IHsxfSIsIHBhdGgsIG5ldyBXaW4zMkV4Y2VwdGlvbihNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCkpLk1lc3NhZ2UpKTsKICAgICAgICB9CiAgICB9Cn0KIkAKJG9yaWdpbmFsX3RtcCA9ICRlbnY6VE1QCiRlbnY6VE1QID0gJF9yZW1vdGVfdG1wCkFkZC1UeXBlIC1UeXBlRGVmaW5pdGlvbiAkc3ltbGlua191dGlsCiRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAoKIyBVc2VkIHRvIGRlbGV0ZSBkaXJlY3RvcmllcyBhbmQgZmlsZXMgd2l0aCBsb2dpYyBvbiBoYW5kbGluZyBzeW1ib2xpYyBsaW5rcwpmdW5jdGlvbiBSZW1vdmUtRmlsZSgkZmlsZSwgJGNoZWNrbW9kZSkgewogICAgdHJ5IHsKICAgICAgICBpZiAoJGZpbGUuQXR0cmlidXRlcyAtYmFuZCBbU3lzdGVtLklPLkZpbGVBdHRyaWJ1dGVzXTo6UmVwYXJzZVBvaW50KSB7CiAgICAgICAgICAgICMgQnVnIHdpdGggcG93ZXJzaGVsbCwgaWYgeW91IHRyeSBhbmQgZGVsZXRlIGEgc3ltYm9saWMgbGluayB0aGF0IGlzIHBvaW50aW5nCiAgICAgICAgICAgICMgdG8gYW4gaW52YWxpZCBwYXRoIGl0IHdpbGwgZmFpbCwgdXNpbmcgV2luMzIgQVBJIHRvIGRvIHRoaXMgaW5zdGVhZAogICAgICAgICAgICBpZiAoJGZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrbW9kZSkgewogICAgICAgICAgICAgICAgICAgIFtBbnNpYmxlLkNvbW1hbmQuU3ltTGlua0hlbHBlcl06OkRlbGV0ZURpcmVjdG9yeSgkZmlsZS5GdWxsTmFtZSkKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgtbm90ICRjaGVja21vZGUpIHsKICAgICAgICAgICAgICAgICAgICBbQW5zaWJsZS5Db21tYW5kLlN5bWxpbmtIZWxwZXJdOjpEZWxldGVGaWxlKCRmaWxlLkZ1bGxOYW1lKQogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgUmVtb3ZlLURpcmVjdG9yeSAtZGlyZWN0b3J5ICRmaWxlIC1jaGVja21vZGUgJGNoZWNrbW9kZQogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIFJlbW92ZS1JdGVtIC1MaXRlcmFsUGF0aCAkZmlsZS5GdWxsTmFtZSAtRm9yY2UgLVdoYXRJZjokY2hlY2ttb2RlCiAgICAgICAgfQogICAgfSBjYXRjaCBbRXhjZXB0aW9uXSB7CiAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgIkZhaWxlZCB0byBkZWxldGUgJCgkZmlsZS5GdWxsTmFtZSk6ICQoJF8uRXhjZXB0aW9uLk1lc3NhZ2UpIgogICAgfQp9CgpmdW5jdGlvbiBSZW1vdmUtRGlyZWN0b3J5KCRkaXJlY3RvcnksICRjaGVja21vZGUpIHsKICAgIGZvcmVhY2ggKCRmaWxlIGluIEdldC1DaGlsZEl0ZW0gJGRpcmVjdG9yeS5GdWxsTmFtZSkgewogICAgICAgIFJlbW92ZS1GaWxlIC1maWxlICRmaWxlIC1jaGVja21vZGUgJGNoZWNrbW9kZQogICAgfQogICAgUmVtb3ZlLUl0ZW0gLUxpdGVyYWxQYXRoICRkaXJlY3RvcnkuRnVsbE5hbWUgLUZvcmNlIC1SZWN1cnNlIC1XaGF0SWY6JGNoZWNrbW9kZQp9CgoKaWYgKCRzdGF0ZSAtZXEgInRvdWNoIikgewogICAgaWYgKFRlc3QtUGF0aCAtTGl0ZXJhbFBhdGggJHBhdGgpIHsKICAgICAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSkgewogICAgICAgICAgICAoR2V0LUNoaWxkSXRlbSAtTGl0ZXJhbFBhdGggJHBhdGgpLkxhc3RXcml0ZVRpbWUgPSBHZXQtRGF0ZQogICAgICAgIH0KICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfSBlbHNlIHsKICAgICAgICBXcml0ZS1PdXRwdXQgJG51bGwgfCBPdXQtRmlsZSAtTGl0ZXJhbFBhdGggJHBhdGggLUVuY29kaW5nIEFTQ0lJIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQp9CgppZiAoVGVzdC1QYXRoIC1MaXRlcmFsUGF0aCAkcGF0aCkgewogICAgJGZpbGVpbmZvID0gR2V0LUl0ZW0gLUxpdGVyYWxQYXRoICRwYXRoCiAgICBpZiAoJHN0YXRlIC1lcSAiYWJzZW50IikgewogICAgICAgIFJlbW92ZS1GaWxlIC1maWxlICRmaWxlaW5mbyAtY2hlY2ttb2RlICRjaGVja19tb2RlCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgaWYgKCRzdGF0ZSAtZXEgImRpcmVjdG9yeSIgLWFuZCAtbm90ICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJwYXRoICRwYXRoIGlzIG5vdCBhIGRpcmVjdG9yeSIKICAgICAgICB9CgogICAgICAgIGlmICgkc3RhdGUgLWVxICJmaWxlIiAtYW5kICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJwYXRoICRwYXRoIGlzIG5vdCBhIGZpbGUiCiAgICAgICAgfQogICAgfQoKfSBlbHNlIHsKCiAgICAjIElmIHN0YXRlIGlzIG5vdCBzdXBwbGllZCwgdGVzdCB0aGUgJHBhdGggdG8gc2VlIGlmIGl0IGxvb2tzIGxpa2UKICAgICMgYSBmaWxlIG9yIGEgZm9sZGVyIGFuZCBzZXQgc3RhdGUgdG8gZmlsZSBvciBmb2xkZXIKICAgIGlmICgkc3RhdGUgLWVxICRudWxsKSB7CiAgICAgICAgJGJhc2VuYW1lID0gU3BsaXQtUGF0aCAtUGF0aCAkcGF0aCAtTGVhZgogICAgICAgIGlmICgkYmFzZW5hbWUubGVuZ3RoIC1ndCAwKSB7CiAgICAgICAgICAgJHN0YXRlID0gImZpbGUiCiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAkc3RhdGUgPSAiZGlyZWN0b3J5IgogICAgICAgIH0KICAgIH0KCiAgICBpZiAoJHN0YXRlIC1lcSAiZGlyZWN0b3J5IikgewogICAgICAgIHRyeSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXRoIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgIGlmICgkXy5DYXRlZ29yeUluZm8uQ2F0ZWdvcnkgLWVxICJSZXNvdXJjZUV4aXN0cyIpIHsKICAgICAgICAgICAgICAgICRmaWxlaW5mbyA9IEdldC1JdGVtIC1MaXRlcmFsUGF0aCAkXy5DYXRlZ29yeUluZm8uVGFyZ2V0TmFtZQogICAgICAgICAgICAgICAgaWYgKCRzdGF0ZSAtZXEgImRpcmVjdG9yeSIgLWFuZCAtbm90ICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgInBhdGggJHBhdGggaXMgbm90IGEgZGlyZWN0b3J5IgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICAgICAgfQogICAgICAgIH0KICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfSBlbHNlaWYgKCRzdGF0ZSAtZXEgImZpbGUiKSB7CiAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgInBhdGggJHBhdGggd2lsbCBub3QgYmUgY3JlYXRlZCIKICAgIH0KCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_syslog_facility": "LOG_USER", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_file", "_ansible_remote_tmp": "%TEMP%", "_ansible_check_mode": false, "_ansible_keep_remote_files": false, "_ansible_verbosity": 4, "_ansible_socket": null, "state": "directory", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "path": "c:\\python27", "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requir ScriptBlock ID: 987635d3-5961-43d6-a25a-c766d16195e1 Path:	4104	1		3	2	15	0	228	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1252	3580	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:37 PM	ca610e00-1c3c-0003-a10f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): CIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3 ScriptBlock ID: 987635d3-5961-43d6-a25a-c766d16195e1 Path:	4104	1		3	2	15	0	227	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1252	3580	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:37 PM	ca610e00-1c3c-0003-a10f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0I ScriptBlock ID: 987635d3-5961-43d6-a25a-c766d16195e1 Path:	4104	1		3	2	15	0	226	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1252	3580	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:37 PM	ca610e00-1c3c-0003-a10f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	225	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1252	168	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:37 PM	ca610e00-1c3c-0004-720f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1252 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	224	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1252	2940	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:36 PM	ca610e00-1c3c-0004-720f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	223	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1252	168	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:36 PM	ca610e00-1c3c-0004-720f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 6dbe7ed5-d97f-487b-8b90-5973f3bc9955 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 956f9ae0-e050-42bf-a62c-1d544ea7d20d Pipeline ID = 5 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = N-H2-828168-2\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	222	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3340	808	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:36 PM	ca610e00-1c3c-0001-5810-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = "Stop" $params = Parse-Args $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -default $false $_remote_tmp = Get-AnsibleParam $params "_ansible_remote_tmp" -type "path" -default $env:TMP $path = Get-AnsibleParam -obj $params -name "path" -type "path" -failifempty $true -aliases "dest","name" $state = Get-AnsibleParam -obj $params -name "state" -type "str" -validateset "absent","directory","file","touch" # used in template/copy when dest is the path to a dir and source is a file $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" if ((Test-Path -Path $path -PathType Container) -and ($null -ne $original_basename)) { $path = Join-Path -Path $path -ChildPath $original_basename } $result = @{ changed = $false } # Used to delete symlinks as powershell cannot delete broken symlinks $symlink_util = @" using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } } "@ $original_tmp = $env:TMP $env:TMP = $_remote_tmp Add-Type -TypeDefinition $symlink_util $env:TMP = $original_tmp # Used to delete directories and files with logic on handling symbolic links function Remove-File($file, $checkmode) { try { if ($file.Attributes -band [System.IO.FileAttributes]::ReparsePoint) { # Bug with powershell, if you try and delete a symbolic link that is pointing # to an invalid path it will fail, using Win32 API to do this instead if ($file.PSIsContainer) { if (-not $checkmode) { [Ansible.Command.SymLinkHelper]::DeleteDirectory($file.FullName) } } else { if (-not $checkmode) { [Ansible.Command.SymlinkHelper]::DeleteFile($file.FullName) } } } elseif ($file.PSIsContainer) { Remove-Directory -directory $file -checkmode $checkmode } else { Remove-Item -LiteralPath $file.FullName -Force -WhatIf:$checkmode } } catch [Exception] { Fail-Json $result "Failed to delete $($file.FullName): $($_.Exception.Message)" } } function Remove-Directory($directory, $checkmode) { foreach ($file in Get-ChildItem $directory.FullName) { Remove-File -file $file -checkmode $checkmode } Remove-Item -LiteralPath $directory.FullName -Force -Recurse -WhatIf:$checkmode } if ($state -eq "touch") { if (Test-Path -LiteralPath $path) { if (-not $check_mode) { (Get-ChildItem -LiteralPath $path).LastWriteTime = Get-Date } $result.changed = $true } else { Write-Output $null | Out-File -LiteralPath $path -Encoding ASCII -WhatIf:$check_mode $result.changed = $true } } if (Test-Path -LiteralPath $path) { $fileinfo = Get-Item -LiteralPath $path if ($state -eq "absent") { Remove-File -file $fileinfo -checkmode $check_mode $result.changed = $true } else { if ($state -eq "directory" -and -not $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a directory" } if ($state -eq "file" -and $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a file" } } } else { # If state is not supplied, test the $path to see if it looks like # a file or a folder and set state to file or folder if ($state -eq $null) { $basename = Split-Path -Path $path -Leaf if ($basename.length -gt 0) { $state = "file" } else { $state = "directory" } } if ($state -eq "directory") { try { New-Item -Path $path -ItemType Directory -WhatIf:$check_mode | Out-Null } catch { if ($_.CategoryInfo.Category -eq "ResourceExists") { $fileinfo = Get-Item -LiteralPath $_.CategoryInfo.TargetName if ($state -eq "directory" -and -not $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a directory" } } else { Fail-Json $result $_.Exception.Message } } $result.changed = $true } elseif ($state -eq "file") { Fail-Json $result "path $path will not be created" } } Exit-Json $result ScriptBlock ID: 4d604d36-9a18-4139-8b3b-3e6b5df7f26c Path:	4104	1		3	2	15	0	221	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3340	808	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:36 PM	ca610e00-1c3c-0001-4910-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: b00cebba-464a-4e46-921d-f5e97320f141 Path:	4104	1		3	2	15	0	220	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3340	1264	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:36 PM	ca610e00-1c3c-0005-3c10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: c719ead9-0503-4b45-a130-6bcf2919491e Path:	4104	1		3	2	15	0	219	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3340	1264	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:36 PM	ca610e00-1c3c-0005-2d10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): lvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKCiRFcnJvckFjdGlvblByZWZlcmVuY2UgPSAiU3RvcCIKCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCgokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtZGVmYXVsdCAkZmFsc2UKJF9yZW1vdGVfdG1wID0gR2V0LUFuc2libGVQYXJhbSAkcGFyYW1zICJfYW5zaWJsZV9yZW1vdGVfdG1wIiAtdHlwZSAicGF0aCIgLWRlZmF1bHQgJGVudjpUTVAKCiRwYXRoID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInBhdGgiIC10eXBlICJwYXRoIiAtZmFpbGlmZW1wdHkgJHRydWUgLWFsaWFzZXMgImRlc3QiLCJuYW1lIgokc3RhdGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RhdGUiIC10eXBlICJzdHIiIC12YWxpZGF0ZXNldCAiYWJzZW50IiwiZGlyZWN0b3J5IiwiZmlsZSIsInRvdWNoIgoKIyB1c2VkIGluIHRlbXBsYXRlL2NvcHkgd2hlbiBkZXN0IGlzIHRoZSBwYXRoIHRvIGEgZGlyIGFuZCBzb3VyY2UgaXMgYSBmaWxlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCmlmICgoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBDb250YWluZXIpIC1hbmQgKCRudWxsIC1uZSAkb3JpZ2luYWxfYmFzZW5hbWUpKSB7CiAgICAkcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkcGF0aCAtQ2hpbGRQYXRoICRvcmlnaW5hbF9iYXNlbmFtZQp9CgokcmVzdWx0ID0gQHsKICAgIGNoYW5nZWQgPSAkZmFsc2UKfQoKIyBVc2VkIHRvIGRlbGV0ZSBzeW1saW5rcyBhcyBwb3dlcnNoZWxsIGNhbm5vdCBkZWxldGUgYnJva2VuIHN5bWxpbmtzCiRzeW1saW5rX3V0aWwgPSBAIgp1c2luZyBTeXN0ZW07CnVzaW5nIFN5c3RlbS5Db21wb25lbnRNb2RlbDsKdXNpbmcgU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzOwoKbmFtZXNwYWNlIEFuc2libGUuQ29tbWFuZCB7CiAgICBwdWJsaWMgY2xhc3MgU3ltTGlua0hlbHBlciB7CiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgQ2hhclNldD1DaGFyU2V0LlVuaWNvZGUsIFNldExhc3RFcnJvcj10cnVlKV0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4dGVybiBib29sIERlbGV0ZUZpbGVXKHN0cmluZyBscEZpbGVOYW1lKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgQ2hhclNldD1DaGFyU2V0LlVuaWNvZGUsIFNldExhc3RFcnJvcj10cnVlKV0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4dGVybiBib29sIFJlbW92ZURpcmVjdG9yeVcoc3RyaW5nIGxwUGF0aE5hbWUpOwoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgRGVsZXRlRGlyZWN0b3J5KHN0cmluZyBwYXRoKSB7CiAgICAgICAgICAgIGlmICghUmVtb3ZlRGlyZWN0b3J5VyhwYXRoKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiUmVtb3ZlRGlyZWN0b3J5Vyh7MH0pIGZhaWxlZDogezF9IiwgcGF0aCwgbmV3IFdpbjMyRXhjZXB0aW9uKE1hcnNoYWwuR2V0TGFzdFdpbjMyRXJyb3IoKSkuTWVzc2FnZSkpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyB2b2lkIERlbGV0ZUZpbGUoc3RyaW5nIHBhdGgpIHsKICAgICAgICAgICAgaWYgKCFEZWxldGVGaWxlVyhwYXRoKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiRGVsZXRlRmlsZVcoezB9KSBmYWlsZWQ6IHsxfSIsIHBhdGgsIG5ldyBXaW4zMkV4Y2VwdGlvbihNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCkpLk1lc3NhZ2UpKTsKICAgICAgICB9CiAgICB9Cn0KIkAKJG9yaWdpbmFsX3RtcCA9ICRlbnY6VE1QCiRlbnY6VE1QID0gJF9yZW1vdGVfdG1wCkFkZC1UeXBlIC1UeXBlRGVmaW5pdGlvbiAkc3ltbGlua191dGlsCiRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAoKIyBVc2VkIHRvIGRlbGV0ZSBkaXJlY3RvcmllcyBhbmQgZmlsZXMgd2l0aCBsb2dpYyBvbiBoYW5kbGluZyBzeW1ib2xpYyBsaW5rcwpmdW5jdGlvbiBSZW1vdmUtRmlsZSgkZmlsZSwgJGNoZWNrbW9kZSkgewogICAgdHJ5IHsKICAgICAgICBpZiAoJGZpbGUuQXR0cmlidXRlcyAtYmFuZCBbU3lzdGVtLklPLkZpbGVBdHRyaWJ1dGVzXTo6UmVwYXJzZVBvaW50KSB7CiAgICAgICAgICAgICMgQnVnIHdpdGggcG93ZXJzaGVsbCwgaWYgeW91IHRyeSBhbmQgZGVsZXRlIGEgc3ltYm9saWMgbGluayB0aGF0IGlzIHBvaW50aW5nCiAgICAgICAgICAgICMgdG8gYW4gaW52YWxpZCBwYXRoIGl0IHdpbGwgZmFpbCwgdXNpbmcgV2luMzIgQVBJIHRvIGRvIHRoaXMgaW5zdGVhZAogICAgICAgICAgICBpZiAoJGZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrbW9kZSkgewogICAgICAgICAgICAgICAgICAgIFtBbnNpYmxlLkNvbW1hbmQuU3ltTGlua0hlbHBlcl06OkRlbGV0ZURpcmVjdG9yeSgkZmlsZS5GdWxsTmFtZSkKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgtbm90ICRjaGVja21vZGUpIHsKICAgICAgICAgICAgICAgICAgICBbQW5zaWJsZS5Db21tYW5kLlN5bWxpbmtIZWxwZXJdOjpEZWxldGVGaWxlKCRmaWxlLkZ1bGxOYW1lKQogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgUmVtb3ZlLURpcmVjdG9yeSAtZGlyZWN0b3J5ICRmaWxlIC1jaGVja21vZGUgJGNoZWNrbW9kZQogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIFJlbW92ZS1JdGVtIC1MaXRlcmFsUGF0aCAkZmlsZS5GdWxsTmFtZSAtRm9yY2UgLVdoYXRJZjokY2hlY2ttb2RlCiAgICAgICAgfQogICAgfSBjYXRjaCBbRXhjZXB0aW9uXSB7CiAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgIkZhaWxlZCB0byBkZWxldGUgJCgkZmlsZS5GdWxsTmFtZSk6ICQoJF8uRXhjZXB0aW9uLk1lc3NhZ2UpIgogICAgfQp9CgpmdW5jdGlvbiBSZW1vdmUtRGlyZWN0b3J5KCRkaXJlY3RvcnksICRjaGVja21vZGUpIHsKICAgIGZvcmVhY2ggKCRmaWxlIGluIEdldC1DaGlsZEl0ZW0gJGRpcmVjdG9yeS5GdWxsTmFtZSkgewogICAgICAgIFJlbW92ZS1GaWxlIC1maWxlICRmaWxlIC1jaGVja21vZGUgJGNoZWNrbW9kZQogICAgfQogICAgUmVtb3ZlLUl0ZW0gLUxpdGVyYWxQYXRoICRkaXJlY3RvcnkuRnVsbE5hbWUgLUZvcmNlIC1SZWN1cnNlIC1XaGF0SWY6JGNoZWNrbW9kZQp9CgoKaWYgKCRzdGF0ZSAtZXEgInRvdWNoIikgewogICAgaWYgKFRlc3QtUGF0aCAtTGl0ZXJhbFBhdGggJHBhdGgpIHsKICAgICAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSkgewogICAgICAgICAgICAoR2V0LUNoaWxkSXRlbSAtTGl0ZXJhbFBhdGggJHBhdGgpLkxhc3RXcml0ZVRpbWUgPSBHZXQtRGF0ZQogICAgICAgIH0KICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfSBlbHNlIHsKICAgICAgICBXcml0ZS1PdXRwdXQgJG51bGwgfCBPdXQtRmlsZSAtTGl0ZXJhbFBhdGggJHBhdGggLUVuY29kaW5nIEFTQ0lJIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQp9CgppZiAoVGVzdC1QYXRoIC1MaXRlcmFsUGF0aCAkcGF0aCkgewogICAgJGZpbGVpbmZvID0gR2V0LUl0ZW0gLUxpdGVyYWxQYXRoICRwYXRoCiAgICBpZiAoJHN0YXRlIC1lcSAiYWJzZW50IikgewogICAgICAgIFJlbW92ZS1GaWxlIC1maWxlICRmaWxlaW5mbyAtY2hlY2ttb2RlICRjaGVja19tb2RlCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgaWYgKCRzdGF0ZSAtZXEgImRpcmVjdG9yeSIgLWFuZCAtbm90ICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJwYXRoICRwYXRoIGlzIG5vdCBhIGRpcmVjdG9yeSIKICAgICAgICB9CgogICAgICAgIGlmICgkc3RhdGUgLWVxICJmaWxlIiAtYW5kICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJwYXRoICRwYXRoIGlzIG5vdCBhIGZpbGUiCiAgICAgICAgfQogICAgfQoKfSBlbHNlIHsKCiAgICAjIElmIHN0YXRlIGlzIG5vdCBzdXBwbGllZCwgdGVzdCB0aGUgJHBhdGggdG8gc2VlIGlmIGl0IGxvb2tzIGxpa2UKICAgICMgYSBmaWxlIG9yIGEgZm9sZGVyIGFuZCBzZXQgc3RhdGUgdG8gZmlsZSBvciBmb2xkZXIKICAgIGlmICgkc3RhdGUgLWVxICRudWxsKSB7CiAgICAgICAgJGJhc2VuYW1lID0gU3BsaXQtUGF0aCAtUGF0aCAkcGF0aCAtTGVhZgogICAgICAgIGlmICgkYmFzZW5hbWUubGVuZ3RoIC1ndCAwKSB7CiAgICAgICAgICAgJHN0YXRlID0gImZpbGUiCiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAkc3RhdGUgPSAiZGlyZWN0b3J5IgogICAgICAgIH0KICAgIH0KCiAgICBpZiAoJHN0YXRlIC1lcSAiZGlyZWN0b3J5IikgewogICAgICAgIHRyeSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXRoIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgIGlmICgkXy5DYXRlZ29yeUluZm8uQ2F0ZWdvcnkgLWVxICJSZXNvdXJjZUV4aXN0cyIpIHsKICAgICAgICAgICAgICAgICRmaWxlaW5mbyA9IEdldC1JdGVtIC1MaXRlcmFsUGF0aCAkXy5DYXRlZ29yeUluZm8uVGFyZ2V0TmFtZQogICAgICAgICAgICAgICAgaWYgKCRzdGF0ZSAtZXEgImRpcmVjdG9yeSIgLWFuZCAtbm90ICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgInBhdGggJHBhdGggaXMgbm90IGEgZGlyZWN0b3J5IgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICAgICAgfQogICAgICAgIH0KICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfSBlbHNlaWYgKCRzdGF0ZSAtZXEgImZpbGUiKSB7CiAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgInBhdGggJHBhdGggd2lsbCBub3QgYmUgY3JlYXRlZCIKICAgIH0KCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_syslog_facility": "LOG_USER", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_file", "_ansible_remote_tmp": "%TEMP%", "_ansible_check_mode": false, "_ansible_keep_remote_files": false, "_ansible_verbosity": 4, "_ansible_socket": null, "state": "directory", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "path": "c:\\openstack\\build", "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: ec982927-2c7a-47f3-a015-975587f03882 Path:	4104	1		3	2	15	0	218	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3340	1264	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:35 PM	ca610e00-1c3c-0005-2710-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): CByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdG ScriptBlock ID: ec982927-2c7a-47f3-a015-975587f03882 Path:	4104	1		3	2	15	0	217	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3340	1264	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:35 PM	ca610e00-1c3c-0005-2710-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZ ScriptBlock ID: ec982927-2c7a-47f3-a015-975587f03882 Path:	4104	1		3	2	15	0	216	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3340	1264	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:35 PM	ca610e00-1c3c-0005-2710-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	215	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3340	592	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:35 PM	ca610e00-1c3c-0003-980f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3340 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	214	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3340	1612	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:35 PM	ca610e00-1c3c-0003-980f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	213	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3340	592	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:35 PM	ca610e00-1c3c-0003-980f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = fab2f710-b5e1-471d-9333-555b33248a33 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 3d19b576-a1f1-4aea-b35c-6fc9d14f5fbf Pipeline ID = 5 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = N-H2-828168-2\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	212	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2008	3060	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:35 PM	ca610e00-1c3c-0001-3f10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = "Stop" $params = Parse-Args $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -default $false $_remote_tmp = Get-AnsibleParam $params "_ansible_remote_tmp" -type "path" -default $env:TMP $path = Get-AnsibleParam -obj $params -name "path" -type "path" -failifempty $true -aliases "dest","name" $state = Get-AnsibleParam -obj $params -name "state" -type "str" -validateset "absent","directory","file","touch" # used in template/copy when dest is the path to a dir and source is a file $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" if ((Test-Path -Path $path -PathType Container) -and ($null -ne $original_basename)) { $path = Join-Path -Path $path -ChildPath $original_basename } $result = @{ changed = $false } # Used to delete symlinks as powershell cannot delete broken symlinks $symlink_util = @" using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } } "@ $original_tmp = $env:TMP $env:TMP = $_remote_tmp Add-Type -TypeDefinition $symlink_util $env:TMP = $original_tmp # Used to delete directories and files with logic on handling symbolic links function Remove-File($file, $checkmode) { try { if ($file.Attributes -band [System.IO.FileAttributes]::ReparsePoint) { # Bug with powershell, if you try and delete a symbolic link that is pointing # to an invalid path it will fail, using Win32 API to do this instead if ($file.PSIsContainer) { if (-not $checkmode) { [Ansible.Command.SymLinkHelper]::DeleteDirectory($file.FullName) } } else { if (-not $checkmode) { [Ansible.Command.SymlinkHelper]::DeleteFile($file.FullName) } } } elseif ($file.PSIsContainer) { Remove-Directory -directory $file -checkmode $checkmode } else { Remove-Item -LiteralPath $file.FullName -Force -WhatIf:$checkmode } } catch [Exception] { Fail-Json $result "Failed to delete $($file.FullName): $($_.Exception.Message)" } } function Remove-Directory($directory, $checkmode) { foreach ($file in Get-ChildItem $directory.FullName) { Remove-File -file $file -checkmode $checkmode } Remove-Item -LiteralPath $directory.FullName -Force -Recurse -WhatIf:$checkmode } if ($state -eq "touch") { if (Test-Path -LiteralPath $path) { if (-not $check_mode) { (Get-ChildItem -LiteralPath $path).LastWriteTime = Get-Date } $result.changed = $true } else { Write-Output $null | Out-File -LiteralPath $path -Encoding ASCII -WhatIf:$check_mode $result.changed = $true } } if (Test-Path -LiteralPath $path) { $fileinfo = Get-Item -LiteralPath $path if ($state -eq "absent") { Remove-File -file $fileinfo -checkmode $check_mode $result.changed = $true } else { if ($state -eq "directory" -and -not $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a directory" } if ($state -eq "file" -and $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a file" } } } else { # If state is not supplied, test the $path to see if it looks like # a file or a folder and set state to file or folder if ($state -eq $null) { $basename = Split-Path -Path $path -Leaf if ($basename.length -gt 0) { $state = "file" } else { $state = "directory" } } if ($state -eq "directory") { try { New-Item -Path $path -ItemType Directory -WhatIf:$check_mode | Out-Null } catch { if ($_.CategoryInfo.Category -eq "ResourceExists") { $fileinfo = Get-Item -LiteralPath $_.CategoryInfo.TargetName if ($state -eq "directory" -and -not $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a directory" } } else { Fail-Json $result $_.Exception.Message } } $result.changed = $true } elseif ($state -eq "file") { Fail-Json $result "path $path will not be created" } } Exit-Json $result ScriptBlock ID: b48e11aa-2126-42dd-b799-aee6135b2598 Path:	4104	1		3	2	15	0	211	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2008	3060	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:35 PM	ca610e00-1c3c-0001-3010-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 3e377a2a-1ecf-47d1-962c-33fd03ce928f Path:	4104	1		3	2	15	0	210	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2008	2128	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:35 PM	ca610e00-1c3c-0002-7c10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 24a2ce11-24fd-4053-8587-ac21b147a69c Path:	4104	1		3	2	15	0	209	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2008	2128	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:34 PM	ca610e00-1c3c-0001-2510-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): Y3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKCiRFcnJvckFjdGlvblByZWZlcmVuY2UgPSAiU3RvcCIKCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCgokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtZGVmYXVsdCAkZmFsc2UKJF9yZW1vdGVfdG1wID0gR2V0LUFuc2libGVQYXJhbSAkcGFyYW1zICJfYW5zaWJsZV9yZW1vdGVfdG1wIiAtdHlwZSAicGF0aCIgLWRlZmF1bHQgJGVudjpUTVAKCiRwYXRoID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInBhdGgiIC10eXBlICJwYXRoIiAtZmFpbGlmZW1wdHkgJHRydWUgLWFsaWFzZXMgImRlc3QiLCJuYW1lIgokc3RhdGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RhdGUiIC10eXBlICJzdHIiIC12YWxpZGF0ZXNldCAiYWJzZW50IiwiZGlyZWN0b3J5IiwiZmlsZSIsInRvdWNoIgoKIyB1c2VkIGluIHRlbXBsYXRlL2NvcHkgd2hlbiBkZXN0IGlzIHRoZSBwYXRoIHRvIGEgZGlyIGFuZCBzb3VyY2UgaXMgYSBmaWxlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCmlmICgoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBDb250YWluZXIpIC1hbmQgKCRudWxsIC1uZSAkb3JpZ2luYWxfYmFzZW5hbWUpKSB7CiAgICAkcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkcGF0aCAtQ2hpbGRQYXRoICRvcmlnaW5hbF9iYXNlbmFtZQp9CgokcmVzdWx0ID0gQHsKICAgIGNoYW5nZWQgPSAkZmFsc2UKfQoKIyBVc2VkIHRvIGRlbGV0ZSBzeW1saW5rcyBhcyBwb3dlcnNoZWxsIGNhbm5vdCBkZWxldGUgYnJva2VuIHN5bWxpbmtzCiRzeW1saW5rX3V0aWwgPSBAIgp1c2luZyBTeXN0ZW07CnVzaW5nIFN5c3RlbS5Db21wb25lbnRNb2RlbDsKdXNpbmcgU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzOwoKbmFtZXNwYWNlIEFuc2libGUuQ29tbWFuZCB7CiAgICBwdWJsaWMgY2xhc3MgU3ltTGlua0hlbHBlciB7CiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgQ2hhclNldD1DaGFyU2V0LlVuaWNvZGUsIFNldExhc3RFcnJvcj10cnVlKV0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4dGVybiBib29sIERlbGV0ZUZpbGVXKHN0cmluZyBscEZpbGVOYW1lKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgQ2hhclNldD1DaGFyU2V0LlVuaWNvZGUsIFNldExhc3RFcnJvcj10cnVlKV0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4dGVybiBib29sIFJlbW92ZURpcmVjdG9yeVcoc3RyaW5nIGxwUGF0aE5hbWUpOwoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgRGVsZXRlRGlyZWN0b3J5KHN0cmluZyBwYXRoKSB7CiAgICAgICAgICAgIGlmICghUmVtb3ZlRGlyZWN0b3J5VyhwYXRoKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiUmVtb3ZlRGlyZWN0b3J5Vyh7MH0pIGZhaWxlZDogezF9IiwgcGF0aCwgbmV3IFdpbjMyRXhjZXB0aW9uKE1hcnNoYWwuR2V0TGFzdFdpbjMyRXJyb3IoKSkuTWVzc2FnZSkpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyB2b2lkIERlbGV0ZUZpbGUoc3RyaW5nIHBhdGgpIHsKICAgICAgICAgICAgaWYgKCFEZWxldGVGaWxlVyhwYXRoKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiRGVsZXRlRmlsZVcoezB9KSBmYWlsZWQ6IHsxfSIsIHBhdGgsIG5ldyBXaW4zMkV4Y2VwdGlvbihNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCkpLk1lc3NhZ2UpKTsKICAgICAgICB9CiAgICB9Cn0KIkAKJG9yaWdpbmFsX3RtcCA9ICRlbnY6VE1QCiRlbnY6VE1QID0gJF9yZW1vdGVfdG1wCkFkZC1UeXBlIC1UeXBlRGVmaW5pdGlvbiAkc3ltbGlua191dGlsCiRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAoKIyBVc2VkIHRvIGRlbGV0ZSBkaXJlY3RvcmllcyBhbmQgZmlsZXMgd2l0aCBsb2dpYyBvbiBoYW5kbGluZyBzeW1ib2xpYyBsaW5rcwpmdW5jdGlvbiBSZW1vdmUtRmlsZSgkZmlsZSwgJGNoZWNrbW9kZSkgewogICAgdHJ5IHsKICAgICAgICBpZiAoJGZpbGUuQXR0cmlidXRlcyAtYmFuZCBbU3lzdGVtLklPLkZpbGVBdHRyaWJ1dGVzXTo6UmVwYXJzZVBvaW50KSB7CiAgICAgICAgICAgICMgQnVnIHdpdGggcG93ZXJzaGVsbCwgaWYgeW91IHRyeSBhbmQgZGVsZXRlIGEgc3ltYm9saWMgbGluayB0aGF0IGlzIHBvaW50aW5nCiAgICAgICAgICAgICMgdG8gYW4gaW52YWxpZCBwYXRoIGl0IHdpbGwgZmFpbCwgdXNpbmcgV2luMzIgQVBJIHRvIGRvIHRoaXMgaW5zdGVhZAogICAgICAgICAgICBpZiAoJGZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrbW9kZSkgewogICAgICAgICAgICAgICAgICAgIFtBbnNpYmxlLkNvbW1hbmQuU3ltTGlua0hlbHBlcl06OkRlbGV0ZURpcmVjdG9yeSgkZmlsZS5GdWxsTmFtZSkKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgtbm90ICRjaGVja21vZGUpIHsKICAgICAgICAgICAgICAgICAgICBbQW5zaWJsZS5Db21tYW5kLlN5bWxpbmtIZWxwZXJdOjpEZWxldGVGaWxlKCRmaWxlLkZ1bGxOYW1lKQogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgUmVtb3ZlLURpcmVjdG9yeSAtZGlyZWN0b3J5ICRmaWxlIC1jaGVja21vZGUgJGNoZWNrbW9kZQogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIFJlbW92ZS1JdGVtIC1MaXRlcmFsUGF0aCAkZmlsZS5GdWxsTmFtZSAtRm9yY2UgLVdoYXRJZjokY2hlY2ttb2RlCiAgICAgICAgfQogICAgfSBjYXRjaCBbRXhjZXB0aW9uXSB7CiAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgIkZhaWxlZCB0byBkZWxldGUgJCgkZmlsZS5GdWxsTmFtZSk6ICQoJF8uRXhjZXB0aW9uLk1lc3NhZ2UpIgogICAgfQp9CgpmdW5jdGlvbiBSZW1vdmUtRGlyZWN0b3J5KCRkaXJlY3RvcnksICRjaGVja21vZGUpIHsKICAgIGZvcmVhY2ggKCRmaWxlIGluIEdldC1DaGlsZEl0ZW0gJGRpcmVjdG9yeS5GdWxsTmFtZSkgewogICAgICAgIFJlbW92ZS1GaWxlIC1maWxlICRmaWxlIC1jaGVja21vZGUgJGNoZWNrbW9kZQogICAgfQogICAgUmVtb3ZlLUl0ZW0gLUxpdGVyYWxQYXRoICRkaXJlY3RvcnkuRnVsbE5hbWUgLUZvcmNlIC1SZWN1cnNlIC1XaGF0SWY6JGNoZWNrbW9kZQp9CgoKaWYgKCRzdGF0ZSAtZXEgInRvdWNoIikgewogICAgaWYgKFRlc3QtUGF0aCAtTGl0ZXJhbFBhdGggJHBhdGgpIHsKICAgICAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSkgewogICAgICAgICAgICAoR2V0LUNoaWxkSXRlbSAtTGl0ZXJhbFBhdGggJHBhdGgpLkxhc3RXcml0ZVRpbWUgPSBHZXQtRGF0ZQogICAgICAgIH0KICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfSBlbHNlIHsKICAgICAgICBXcml0ZS1PdXRwdXQgJG51bGwgfCBPdXQtRmlsZSAtTGl0ZXJhbFBhdGggJHBhdGggLUVuY29kaW5nIEFTQ0lJIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQp9CgppZiAoVGVzdC1QYXRoIC1MaXRlcmFsUGF0aCAkcGF0aCkgewogICAgJGZpbGVpbmZvID0gR2V0LUl0ZW0gLUxpdGVyYWxQYXRoICRwYXRoCiAgICBpZiAoJHN0YXRlIC1lcSAiYWJzZW50IikgewogICAgICAgIFJlbW92ZS1GaWxlIC1maWxlICRmaWxlaW5mbyAtY2hlY2ttb2RlICRjaGVja19tb2RlCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgaWYgKCRzdGF0ZSAtZXEgImRpcmVjdG9yeSIgLWFuZCAtbm90ICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJwYXRoICRwYXRoIGlzIG5vdCBhIGRpcmVjdG9yeSIKICAgICAgICB9CgogICAgICAgIGlmICgkc3RhdGUgLWVxICJmaWxlIiAtYW5kICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJwYXRoICRwYXRoIGlzIG5vdCBhIGZpbGUiCiAgICAgICAgfQogICAgfQoKfSBlbHNlIHsKCiAgICAjIElmIHN0YXRlIGlzIG5vdCBzdXBwbGllZCwgdGVzdCB0aGUgJHBhdGggdG8gc2VlIGlmIGl0IGxvb2tzIGxpa2UKICAgICMgYSBmaWxlIG9yIGEgZm9sZGVyIGFuZCBzZXQgc3RhdGUgdG8gZmlsZSBvciBmb2xkZXIKICAgIGlmICgkc3RhdGUgLWVxICRudWxsKSB7CiAgICAgICAgJGJhc2VuYW1lID0gU3BsaXQtUGF0aCAtUGF0aCAkcGF0aCAtTGVhZgogICAgICAgIGlmICgkYmFzZW5hbWUubGVuZ3RoIC1ndCAwKSB7CiAgICAgICAgICAgJHN0YXRlID0gImZpbGUiCiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAkc3RhdGUgPSAiZGlyZWN0b3J5IgogICAgICAgIH0KICAgIH0KCiAgICBpZiAoJHN0YXRlIC1lcSAiZGlyZWN0b3J5IikgewogICAgICAgIHRyeSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXRoIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgIGlmICgkXy5DYXRlZ29yeUluZm8uQ2F0ZWdvcnkgLWVxICJSZXNvdXJjZUV4aXN0cyIpIHsKICAgICAgICAgICAgICAgICRmaWxlaW5mbyA9IEdldC1JdGVtIC1MaXRlcmFsUGF0aCAkXy5DYXRlZ29yeUluZm8uVGFyZ2V0TmFtZQogICAgICAgICAgICAgICAgaWYgKCRzdGF0ZSAtZXEgImRpcmVjdG9yeSIgLWFuZCAtbm90ICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgInBhdGggJHBhdGggaXMgbm90IGEgZGlyZWN0b3J5IgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICAgICAgfQogICAgICAgIH0KICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfSBlbHNlaWYgKCRzdGF0ZSAtZXEgImZpbGUiKSB7CiAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgInBhdGggJHBhdGggd2lsbCBub3QgYmUgY3JlYXRlZCIKICAgIH0KCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_syslog_facility": "LOG_USER", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_file", "_ansible_remote_tmp": "%TEMP%", "_ansible_check_mode": false, "_ansible_keep_remote_files": false, "_ansible_verbosity": 4, "_ansible_socket": null, "state": "directory", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "path": "c:\\openstack\\log\\event-log", "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 1f31a25e-b17b-4cff-967a-89c90b0c94e4 Path:	4104	1		3	2	15	0	208	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2008	2128	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:34 PM	ca610e00-1c3c-0001-1f10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNl ScriptBlock ID: 1f31a25e-b17b-4cff-967a-89c90b0c94e4 Path:	4104	1		3	2	15	0	207	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2008	2128	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:34 PM	ca610e00-1c3c-0001-1f10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	206	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2008	2884	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:34 PM	ca610e00-1c3c-0004-680f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2008 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	205	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2008	3344	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:34 PM	ca610e00-1c3c-0004-680f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	204	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2008	2884	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:34 PM	ca610e00-1c3c-0004-680f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = abf3f0cf-0a0a-4e60-860c-7b63f9e3302c Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = d65aac99-8ef4-48c4-bf4e-439f39253a65 Pipeline ID = 5 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = N-H2-828168-2\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	203	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	892	3056	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:34 PM	ca610e00-1c3c-0004-630f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = "Stop" $params = Parse-Args $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -default $false $_remote_tmp = Get-AnsibleParam $params "_ansible_remote_tmp" -type "path" -default $env:TMP $path = Get-AnsibleParam -obj $params -name "path" -type "path" -failifempty $true -aliases "dest","name" $state = Get-AnsibleParam -obj $params -name "state" -type "str" -validateset "absent","directory","file","touch" # used in template/copy when dest is the path to a dir and source is a file $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" if ((Test-Path -Path $path -PathType Container) -and ($null -ne $original_basename)) { $path = Join-Path -Path $path -ChildPath $original_basename } $result = @{ changed = $false } # Used to delete symlinks as powershell cannot delete broken symlinks $symlink_util = @" using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } } "@ $original_tmp = $env:TMP $env:TMP = $_remote_tmp Add-Type -TypeDefinition $symlink_util $env:TMP = $original_tmp # Used to delete directories and files with logic on handling symbolic links function Remove-File($file, $checkmode) { try { if ($file.Attributes -band [System.IO.FileAttributes]::ReparsePoint) { # Bug with powershell, if you try and delete a symbolic link that is pointing # to an invalid path it will fail, using Win32 API to do this instead if ($file.PSIsContainer) { if (-not $checkmode) { [Ansible.Command.SymLinkHelper]::DeleteDirectory($file.FullName) } } else { if (-not $checkmode) { [Ansible.Command.SymlinkHelper]::DeleteFile($file.FullName) } } } elseif ($file.PSIsContainer) { Remove-Directory -directory $file -checkmode $checkmode } else { Remove-Item -LiteralPath $file.FullName -Force -WhatIf:$checkmode } } catch [Exception] { Fail-Json $result "Failed to delete $($file.FullName): $($_.Exception.Message)" } } function Remove-Directory($directory, $checkmode) { foreach ($file in Get-ChildItem $directory.FullName) { Remove-File -file $file -checkmode $checkmode } Remove-Item -LiteralPath $directory.FullName -Force -Recurse -WhatIf:$checkmode } if ($state -eq "touch") { if (Test-Path -LiteralPath $path) { if (-not $check_mode) { (Get-ChildItem -LiteralPath $path).LastWriteTime = Get-Date } $result.changed = $true } else { Write-Output $null | Out-File -LiteralPath $path -Encoding ASCII -WhatIf:$check_mode $result.changed = $true } } if (Test-Path -LiteralPath $path) { $fileinfo = Get-Item -LiteralPath $path if ($state -eq "absent") { Remove-File -file $fileinfo -checkmode $check_mode $result.changed = $true } else { if ($state -eq "directory" -and -not $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a directory" } if ($state -eq "file" -and $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a file" } } } else { # If state is not supplied, test the $path to see if it looks like # a file or a folder and set state to file or folder if ($state -eq $null) { $basename = Split-Path -Path $path -Leaf if ($basename.length -gt 0) { $state = "file" } else { $state = "directory" } } if ($state -eq "directory") { try { New-Item -Path $path -ItemType Directory -WhatIf:$check_mode | Out-Null } catch { if ($_.CategoryInfo.Category -eq "ResourceExists") { $fileinfo = Get-Item -LiteralPath $_.CategoryInfo.TargetName if ($state -eq "directory" -and -not $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a directory" } } else { Fail-Json $result $_.Exception.Message } } $result.changed = $true } elseif ($state -eq "file") { Fail-Json $result "path $path will not be created" } } Exit-Json $result ScriptBlock ID: 7925f165-eee1-4fce-b4fc-1f96defda824 Path:	4104	1		3	2	15	0	202	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	892	3056	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:33 PM	ca610e00-1c3c-0004-540f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 14493c30-6a39-4b87-b0fc-21b696c3f70d Path:	4104	1		3	2	15	0	201	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	892	1288	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:33 PM	ca610e00-1c3c-0003-7c0f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 86d53200-c4e8-46b4-89c9-0d531dd5c1bd Path:	4104	1		3	2	15	0	200	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	892	1288	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:33 PM	ca610e00-1c3c-0003-6d0f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): aWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKCiRFcnJvckFjdGlvblByZWZlcmVuY2UgPSAiU3RvcCIKCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCgokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtZGVmYXVsdCAkZmFsc2UKJF9yZW1vdGVfdG1wID0gR2V0LUFuc2libGVQYXJhbSAkcGFyYW1zICJfYW5zaWJsZV9yZW1vdGVfdG1wIiAtdHlwZSAicGF0aCIgLWRlZmF1bHQgJGVudjpUTVAKCiRwYXRoID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInBhdGgiIC10eXBlICJwYXRoIiAtZmFpbGlmZW1wdHkgJHRydWUgLWFsaWFzZXMgImRlc3QiLCJuYW1lIgokc3RhdGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RhdGUiIC10eXBlICJzdHIiIC12YWxpZGF0ZXNldCAiYWJzZW50IiwiZGlyZWN0b3J5IiwiZmlsZSIsInRvdWNoIgoKIyB1c2VkIGluIHRlbXBsYXRlL2NvcHkgd2hlbiBkZXN0IGlzIHRoZSBwYXRoIHRvIGEgZGlyIGFuZCBzb3VyY2UgaXMgYSBmaWxlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCmlmICgoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBDb250YWluZXIpIC1hbmQgKCRudWxsIC1uZSAkb3JpZ2luYWxfYmFzZW5hbWUpKSB7CiAgICAkcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkcGF0aCAtQ2hpbGRQYXRoICRvcmlnaW5hbF9iYXNlbmFtZQp9CgokcmVzdWx0ID0gQHsKICAgIGNoYW5nZWQgPSAkZmFsc2UKfQoKIyBVc2VkIHRvIGRlbGV0ZSBzeW1saW5rcyBhcyBwb3dlcnNoZWxsIGNhbm5vdCBkZWxldGUgYnJva2VuIHN5bWxpbmtzCiRzeW1saW5rX3V0aWwgPSBAIgp1c2luZyBTeXN0ZW07CnVzaW5nIFN5c3RlbS5Db21wb25lbnRNb2RlbDsKdXNpbmcgU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzOwoKbmFtZXNwYWNlIEFuc2libGUuQ29tbWFuZCB7CiAgICBwdWJsaWMgY2xhc3MgU3ltTGlua0hlbHBlciB7CiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgQ2hhclNldD1DaGFyU2V0LlVuaWNvZGUsIFNldExhc3RFcnJvcj10cnVlKV0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4dGVybiBib29sIERlbGV0ZUZpbGVXKHN0cmluZyBscEZpbGVOYW1lKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgQ2hhclNldD1DaGFyU2V0LlVuaWNvZGUsIFNldExhc3RFcnJvcj10cnVlKV0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4dGVybiBib29sIFJlbW92ZURpcmVjdG9yeVcoc3RyaW5nIGxwUGF0aE5hbWUpOwoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgRGVsZXRlRGlyZWN0b3J5KHN0cmluZyBwYXRoKSB7CiAgICAgICAgICAgIGlmICghUmVtb3ZlRGlyZWN0b3J5VyhwYXRoKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiUmVtb3ZlRGlyZWN0b3J5Vyh7MH0pIGZhaWxlZDogezF9IiwgcGF0aCwgbmV3IFdpbjMyRXhjZXB0aW9uKE1hcnNoYWwuR2V0TGFzdFdpbjMyRXJyb3IoKSkuTWVzc2FnZSkpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyB2b2lkIERlbGV0ZUZpbGUoc3RyaW5nIHBhdGgpIHsKICAgICAgICAgICAgaWYgKCFEZWxldGVGaWxlVyhwYXRoKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiRGVsZXRlRmlsZVcoezB9KSBmYWlsZWQ6IHsxfSIsIHBhdGgsIG5ldyBXaW4zMkV4Y2VwdGlvbihNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCkpLk1lc3NhZ2UpKTsKICAgICAgICB9CiAgICB9Cn0KIkAKJG9yaWdpbmFsX3RtcCA9ICRlbnY6VE1QCiRlbnY6VE1QID0gJF9yZW1vdGVfdG1wCkFkZC1UeXBlIC1UeXBlRGVmaW5pdGlvbiAkc3ltbGlua191dGlsCiRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAoKIyBVc2VkIHRvIGRlbGV0ZSBkaXJlY3RvcmllcyBhbmQgZmlsZXMgd2l0aCBsb2dpYyBvbiBoYW5kbGluZyBzeW1ib2xpYyBsaW5rcwpmdW5jdGlvbiBSZW1vdmUtRmlsZSgkZmlsZSwgJGNoZWNrbW9kZSkgewogICAgdHJ5IHsKICAgICAgICBpZiAoJGZpbGUuQXR0cmlidXRlcyAtYmFuZCBbU3lzdGVtLklPLkZpbGVBdHRyaWJ1dGVzXTo6UmVwYXJzZVBvaW50KSB7CiAgICAgICAgICAgICMgQnVnIHdpdGggcG93ZXJzaGVsbCwgaWYgeW91IHRyeSBhbmQgZGVsZXRlIGEgc3ltYm9saWMgbGluayB0aGF0IGlzIHBvaW50aW5nCiAgICAgICAgICAgICMgdG8gYW4gaW52YWxpZCBwYXRoIGl0IHdpbGwgZmFpbCwgdXNpbmcgV2luMzIgQVBJIHRvIGRvIHRoaXMgaW5zdGVhZAogICAgICAgICAgICBpZiAoJGZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrbW9kZSkgewogICAgICAgICAgICAgICAgICAgIFtBbnNpYmxlLkNvbW1hbmQuU3ltTGlua0hlbHBlcl06OkRlbGV0ZURpcmVjdG9yeSgkZmlsZS5GdWxsTmFtZSkKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgtbm90ICRjaGVja21vZGUpIHsKICAgICAgICAgICAgICAgICAgICBbQW5zaWJsZS5Db21tYW5kLlN5bWxpbmtIZWxwZXJdOjpEZWxldGVGaWxlKCRmaWxlLkZ1bGxOYW1lKQogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgUmVtb3ZlLURpcmVjdG9yeSAtZGlyZWN0b3J5ICRmaWxlIC1jaGVja21vZGUgJGNoZWNrbW9kZQogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIFJlbW92ZS1JdGVtIC1MaXRlcmFsUGF0aCAkZmlsZS5GdWxsTmFtZSAtRm9yY2UgLVdoYXRJZjokY2hlY2ttb2RlCiAgICAgICAgfQogICAgfSBjYXRjaCBbRXhjZXB0aW9uXSB7CiAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgIkZhaWxlZCB0byBkZWxldGUgJCgkZmlsZS5GdWxsTmFtZSk6ICQoJF8uRXhjZXB0aW9uLk1lc3NhZ2UpIgogICAgfQp9CgpmdW5jdGlvbiBSZW1vdmUtRGlyZWN0b3J5KCRkaXJlY3RvcnksICRjaGVja21vZGUpIHsKICAgIGZvcmVhY2ggKCRmaWxlIGluIEdldC1DaGlsZEl0ZW0gJGRpcmVjdG9yeS5GdWxsTmFtZSkgewogICAgICAgIFJlbW92ZS1GaWxlIC1maWxlICRmaWxlIC1jaGVja21vZGUgJGNoZWNrbW9kZQogICAgfQogICAgUmVtb3ZlLUl0ZW0gLUxpdGVyYWxQYXRoICRkaXJlY3RvcnkuRnVsbE5hbWUgLUZvcmNlIC1SZWN1cnNlIC1XaGF0SWY6JGNoZWNrbW9kZQp9CgoKaWYgKCRzdGF0ZSAtZXEgInRvdWNoIikgewogICAgaWYgKFRlc3QtUGF0aCAtTGl0ZXJhbFBhdGggJHBhdGgpIHsKICAgICAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSkgewogICAgICAgICAgICAoR2V0LUNoaWxkSXRlbSAtTGl0ZXJhbFBhdGggJHBhdGgpLkxhc3RXcml0ZVRpbWUgPSBHZXQtRGF0ZQogICAgICAgIH0KICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfSBlbHNlIHsKICAgICAgICBXcml0ZS1PdXRwdXQgJG51bGwgfCBPdXQtRmlsZSAtTGl0ZXJhbFBhdGggJHBhdGggLUVuY29kaW5nIEFTQ0lJIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQp9CgppZiAoVGVzdC1QYXRoIC1MaXRlcmFsUGF0aCAkcGF0aCkgewogICAgJGZpbGVpbmZvID0gR2V0LUl0ZW0gLUxpdGVyYWxQYXRoICRwYXRoCiAgICBpZiAoJHN0YXRlIC1lcSAiYWJzZW50IikgewogICAgICAgIFJlbW92ZS1GaWxlIC1maWxlICRmaWxlaW5mbyAtY2hlY2ttb2RlICRjaGVja19tb2RlCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgaWYgKCRzdGF0ZSAtZXEgImRpcmVjdG9yeSIgLWFuZCAtbm90ICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJwYXRoICRwYXRoIGlzIG5vdCBhIGRpcmVjdG9yeSIKICAgICAgICB9CgogICAgICAgIGlmICgkc3RhdGUgLWVxICJmaWxlIiAtYW5kICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJwYXRoICRwYXRoIGlzIG5vdCBhIGZpbGUiCiAgICAgICAgfQogICAgfQoKfSBlbHNlIHsKCiAgICAjIElmIHN0YXRlIGlzIG5vdCBzdXBwbGllZCwgdGVzdCB0aGUgJHBhdGggdG8gc2VlIGlmIGl0IGxvb2tzIGxpa2UKICAgICMgYSBmaWxlIG9yIGEgZm9sZGVyIGFuZCBzZXQgc3RhdGUgdG8gZmlsZSBvciBmb2xkZXIKICAgIGlmICgkc3RhdGUgLWVxICRudWxsKSB7CiAgICAgICAgJGJhc2VuYW1lID0gU3BsaXQtUGF0aCAtUGF0aCAkcGF0aCAtTGVhZgogICAgICAgIGlmICgkYmFzZW5hbWUubGVuZ3RoIC1ndCAwKSB7CiAgICAgICAgICAgJHN0YXRlID0gImZpbGUiCiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAkc3RhdGUgPSAiZGlyZWN0b3J5IgogICAgICAgIH0KICAgIH0KCiAgICBpZiAoJHN0YXRlIC1lcSAiZGlyZWN0b3J5IikgewogICAgICAgIHRyeSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXRoIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgIGlmICgkXy5DYXRlZ29yeUluZm8uQ2F0ZWdvcnkgLWVxICJSZXNvdXJjZUV4aXN0cyIpIHsKICAgICAgICAgICAgICAgICRmaWxlaW5mbyA9IEdldC1JdGVtIC1MaXRlcmFsUGF0aCAkXy5DYXRlZ29yeUluZm8uVGFyZ2V0TmFtZQogICAgICAgICAgICAgICAgaWYgKCRzdGF0ZSAtZXEgImRpcmVjdG9yeSIgLWFuZCAtbm90ICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgInBhdGggJHBhdGggaXMgbm90IGEgZGlyZWN0b3J5IgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICAgICAgfQogICAgICAgIH0KICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfSBlbHNlaWYgKCRzdGF0ZSAtZXEgImZpbGUiKSB7CiAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgInBhdGggJHBhdGggd2lsbCBub3QgYmUgY3JlYXRlZCIKICAgIH0KCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_syslog_facility": "LOG_USER", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_file", "_ansible_remote_tmp": "%TEMP%", "_ansible_check_mode": false, "_ansible_keep_remote_files": false, "_ansible_verbosity": 4, "_ansible_socket": null, "state": "directory", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "path": "C:\\openstack\\instances", "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: f54f670f-91a7-4495-b0c3-7c8a786c2a2d Path:	4104	1		3	2	15	0	199	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	892	1288	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:33 PM	ca610e00-1c3c-0003-670f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBT ScriptBlock ID: f54f670f-91a7-4495-b0c3-7c8a786c2a2d Path:	4104	1		3	2	15	0	198	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	892	1288	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:33 PM	ca610e00-1c3c-0003-670f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	197	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	892	2940	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:33 PM	ca610e00-1c3c-0004-530f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 892 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	196	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	892	2436	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:33 PM	ca610e00-1c3c-0004-530f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	195	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	892	2940	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:33 PM	ca610e00-1c3c-0004-530f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 3ab72e47-6daf-4ae0-afbb-d0159777b11d Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 70e845d5-2326-4e3a-a3ff-95d014bc7f4a Pipeline ID = 5 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = N-H2-828168-2\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	194	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3364	1264	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:32 PM	ca610e00-1c3c-0001-1810-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = "Stop" $params = Parse-Args $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -default $false $_remote_tmp = Get-AnsibleParam $params "_ansible_remote_tmp" -type "path" -default $env:TMP $path = Get-AnsibleParam -obj $params -name "path" -type "path" -failifempty $true -aliases "dest","name" $state = Get-AnsibleParam -obj $params -name "state" -type "str" -validateset "absent","directory","file","touch" # used in template/copy when dest is the path to a dir and source is a file $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" if ((Test-Path -Path $path -PathType Container) -and ($null -ne $original_basename)) { $path = Join-Path -Path $path -ChildPath $original_basename } $result = @{ changed = $false } # Used to delete symlinks as powershell cannot delete broken symlinks $symlink_util = @" using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } } "@ $original_tmp = $env:TMP $env:TMP = $_remote_tmp Add-Type -TypeDefinition $symlink_util $env:TMP = $original_tmp # Used to delete directories and files with logic on handling symbolic links function Remove-File($file, $checkmode) { try { if ($file.Attributes -band [System.IO.FileAttributes]::ReparsePoint) { # Bug with powershell, if you try and delete a symbolic link that is pointing # to an invalid path it will fail, using Win32 API to do this instead if ($file.PSIsContainer) { if (-not $checkmode) { [Ansible.Command.SymLinkHelper]::DeleteDirectory($file.FullName) } } else { if (-not $checkmode) { [Ansible.Command.SymlinkHelper]::DeleteFile($file.FullName) } } } elseif ($file.PSIsContainer) { Remove-Directory -directory $file -checkmode $checkmode } else { Remove-Item -LiteralPath $file.FullName -Force -WhatIf:$checkmode } } catch [Exception] { Fail-Json $result "Failed to delete $($file.FullName): $($_.Exception.Message)" } } function Remove-Directory($directory, $checkmode) { foreach ($file in Get-ChildItem $directory.FullName) { Remove-File -file $file -checkmode $checkmode } Remove-Item -LiteralPath $directory.FullName -Force -Recurse -WhatIf:$checkmode } if ($state -eq "touch") { if (Test-Path -LiteralPath $path) { if (-not $check_mode) { (Get-ChildItem -LiteralPath $path).LastWriteTime = Get-Date } $result.changed = $true } else { Write-Output $null | Out-File -LiteralPath $path -Encoding ASCII -WhatIf:$check_mode $result.changed = $true } } if (Test-Path -LiteralPath $path) { $fileinfo = Get-Item -LiteralPath $path if ($state -eq "absent") { Remove-File -file $fileinfo -checkmode $check_mode $result.changed = $true } else { if ($state -eq "directory" -and -not $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a directory" } if ($state -eq "file" -and $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a file" } } } else { # If state is not supplied, test the $path to see if it looks like # a file or a folder and set state to file or folder if ($state -eq $null) { $basename = Split-Path -Path $path -Leaf if ($basename.length -gt 0) { $state = "file" } else { $state = "directory" } } if ($state -eq "directory") { try { New-Item -Path $path -ItemType Directory -WhatIf:$check_mode | Out-Null } catch { if ($_.CategoryInfo.Category -eq "ResourceExists") { $fileinfo = Get-Item -LiteralPath $_.CategoryInfo.TargetName if ($state -eq "directory" -and -not $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a directory" } } else { Fail-Json $result $_.Exception.Message } } $result.changed = $true } elseif ($state -eq "file") { Fail-Json $result "path $path will not be created" } } Exit-Json $result ScriptBlock ID: dd88a5f0-d4f5-42a2-a95e-f35a2163baac Path:	4104	1		3	2	15	0	193	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3364	1264	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:32 PM	ca610e00-1c3c-0001-0910-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 15d78c41-77ce-4822-b4bb-11b1f397f2e7 Path:	4104	1		3	2	15	0	192	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3364	3136	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:32 PM	ca610e00-1c3c-0005-0310-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 97c9caf5-29ff-45fb-bfbb-34bd2f7bd6eb Path:	4104	1		3	2	15	0	191	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3364	3136	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:32 PM	ca610e00-1c3c-0005-f40f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): sZSwgJGNoZWNrbW9kZSkgewogICAgdHJ5IHsKICAgICAgICBpZiAoJGZpbGUuQXR0cmlidXRlcyAtYmFuZCBbU3lzdGVtLklPLkZpbGVBdHRyaWJ1dGVzXTo6UmVwYXJzZVBvaW50KSB7CiAgICAgICAgICAgICMgQnVnIHdpdGggcG93ZXJzaGVsbCwgaWYgeW91IHRyeSBhbmQgZGVsZXRlIGEgc3ltYm9saWMgbGluayB0aGF0IGlzIHBvaW50aW5nCiAgICAgICAgICAgICMgdG8gYW4gaW52YWxpZCBwYXRoIGl0IHdpbGwgZmFpbCwgdXNpbmcgV2luMzIgQVBJIHRvIGRvIHRoaXMgaW5zdGVhZAogICAgICAgICAgICBpZiAoJGZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrbW9kZSkgewogICAgICAgICAgICAgICAgICAgIFtBbnNpYmxlLkNvbW1hbmQuU3ltTGlua0hlbHBlcl06OkRlbGV0ZURpcmVjdG9yeSgkZmlsZS5GdWxsTmFtZSkKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgtbm90ICRjaGVja21vZGUpIHsKICAgICAgICAgICAgICAgICAgICBbQW5zaWJsZS5Db21tYW5kLlN5bWxpbmtIZWxwZXJdOjpEZWxldGVGaWxlKCRmaWxlLkZ1bGxOYW1lKQogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgUmVtb3ZlLURpcmVjdG9yeSAtZGlyZWN0b3J5ICRmaWxlIC1jaGVja21vZGUgJGNoZWNrbW9kZQogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIFJlbW92ZS1JdGVtIC1MaXRlcmFsUGF0aCAkZmlsZS5GdWxsTmFtZSAtRm9yY2UgLVdoYXRJZjokY2hlY2ttb2RlCiAgICAgICAgfQogICAgfSBjYXRjaCBbRXhjZXB0aW9uXSB7CiAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgIkZhaWxlZCB0byBkZWxldGUgJCgkZmlsZS5GdWxsTmFtZSk6ICQoJF8uRXhjZXB0aW9uLk1lc3NhZ2UpIgogICAgfQp9CgpmdW5jdGlvbiBSZW1vdmUtRGlyZWN0b3J5KCRkaXJlY3RvcnksICRjaGVja21vZGUpIHsKICAgIGZvcmVhY2ggKCRmaWxlIGluIEdldC1DaGlsZEl0ZW0gJGRpcmVjdG9yeS5GdWxsTmFtZSkgewogICAgICAgIFJlbW92ZS1GaWxlIC1maWxlICRmaWxlIC1jaGVja21vZGUgJGNoZWNrbW9kZQogICAgfQogICAgUmVtb3ZlLUl0ZW0gLUxpdGVyYWxQYXRoICRkaXJlY3RvcnkuRnVsbE5hbWUgLUZvcmNlIC1SZWN1cnNlIC1XaGF0SWY6JGNoZWNrbW9kZQp9CgoKaWYgKCRzdGF0ZSAtZXEgInRvdWNoIikgewogICAgaWYgKFRlc3QtUGF0aCAtTGl0ZXJhbFBhdGggJHBhdGgpIHsKICAgICAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSkgewogICAgICAgICAgICAoR2V0LUNoaWxkSXRlbSAtTGl0ZXJhbFBhdGggJHBhdGgpLkxhc3RXcml0ZVRpbWUgPSBHZXQtRGF0ZQogICAgICAgIH0KICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfSBlbHNlIHsKICAgICAgICBXcml0ZS1PdXRwdXQgJG51bGwgfCBPdXQtRmlsZSAtTGl0ZXJhbFBhdGggJHBhdGggLUVuY29kaW5nIEFTQ0lJIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQp9CgppZiAoVGVzdC1QYXRoIC1MaXRlcmFsUGF0aCAkcGF0aCkgewogICAgJGZpbGVpbmZvID0gR2V0LUl0ZW0gLUxpdGVyYWxQYXRoICRwYXRoCiAgICBpZiAoJHN0YXRlIC1lcSAiYWJzZW50IikgewogICAgICAgIFJlbW92ZS1GaWxlIC1maWxlICRmaWxlaW5mbyAtY2hlY2ttb2RlICRjaGVja19tb2RlCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgaWYgKCRzdGF0ZSAtZXEgImRpcmVjdG9yeSIgLWFuZCAtbm90ICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJwYXRoICRwYXRoIGlzIG5vdCBhIGRpcmVjdG9yeSIKICAgICAgICB9CgogICAgICAgIGlmICgkc3RhdGUgLWVxICJmaWxlIiAtYW5kICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJwYXRoICRwYXRoIGlzIG5vdCBhIGZpbGUiCiAgICAgICAgfQogICAgfQoKfSBlbHNlIHsKCiAgICAjIElmIHN0YXRlIGlzIG5vdCBzdXBwbGllZCwgdGVzdCB0aGUgJHBhdGggdG8gc2VlIGlmIGl0IGxvb2tzIGxpa2UKICAgICMgYSBmaWxlIG9yIGEgZm9sZGVyIGFuZCBzZXQgc3RhdGUgdG8gZmlsZSBvciBmb2xkZXIKICAgIGlmICgkc3RhdGUgLWVxICRudWxsKSB7CiAgICAgICAgJGJhc2VuYW1lID0gU3BsaXQtUGF0aCAtUGF0aCAkcGF0aCAtTGVhZgogICAgICAgIGlmICgkYmFzZW5hbWUubGVuZ3RoIC1ndCAwKSB7CiAgICAgICAgICAgJHN0YXRlID0gImZpbGUiCiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAkc3RhdGUgPSAiZGlyZWN0b3J5IgogICAgICAgIH0KICAgIH0KCiAgICBpZiAoJHN0YXRlIC1lcSAiZGlyZWN0b3J5IikgewogICAgICAgIHRyeSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXRoIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgIGlmICgkXy5DYXRlZ29yeUluZm8uQ2F0ZWdvcnkgLWVxICJSZXNvdXJjZUV4aXN0cyIpIHsKICAgICAgICAgICAgICAgICRmaWxlaW5mbyA9IEdldC1JdGVtIC1MaXRlcmFsUGF0aCAkXy5DYXRlZ29yeUluZm8uVGFyZ2V0TmFtZQogICAgICAgICAgICAgICAgaWYgKCRzdGF0ZSAtZXEgImRpcmVjdG9yeSIgLWFuZCAtbm90ICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgInBhdGggJHBhdGggaXMgbm90IGEgZGlyZWN0b3J5IgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICAgICAgfQogICAgICAgIH0KICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfSBlbHNlaWYgKCRzdGF0ZSAtZXEgImZpbGUiKSB7CiAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgInBhdGggJHBhdGggd2lsbCBub3QgYmUgY3JlYXRlZCIKICAgIH0KCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_syslog_facility": "LOG_USER", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_file", "_ansible_remote_tmp": "%TEMP%", "_ansible_check_mode": false, "_ansible_keep_remote_files": false, "_ansible_verbosity": 4, "_ansible_socket": null, "state": "directory", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "path": "c:\\openstack\\lock", "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 8768abdc-01dd-43ed-95c7-5b87f0104223 Path:	4104	1		3	2	15	0	190	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3364	3136	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:32 PM	ca610e00-1c3c-0000-e40f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): ICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKCiRFcnJvckFjdGlvblByZWZlcmVuY2UgPSAiU3RvcCIKCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCgokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtZGVmYXVsdCAkZmFsc2UKJF9yZW1vdGVfdG1wID0gR2V0LUFuc2libGVQYXJhbSAkcGFyYW1zICJfYW5zaWJsZV9yZW1vdGVfdG1wIiAtdHlwZSAicGF0aCIgLWRlZmF1bHQgJGVudjpUTVAKCiRwYXRoID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInBhdGgiIC10eXBlICJwYXRoIiAtZmFpbGlmZW1wdHkgJHRydWUgLWFsaWFzZXMgImRlc3QiLCJuYW1lIgokc3RhdGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RhdGUiIC10eXBlICJzdHIiIC12YWxpZGF0ZXNldCAiYWJzZW50IiwiZGlyZWN0b3J5IiwiZmlsZSIsInRvdWNoIgoKIyB1c2VkIGluIHRlbXBsYXRlL2NvcHkgd2hlbiBkZXN0IGlzIHRoZSBwYXRoIHRvIGEgZGlyIGFuZCBzb3VyY2UgaXMgYSBmaWxlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCmlmICgoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBDb250YWluZXIpIC1hbmQgKCRudWxsIC1uZSAkb3JpZ2luYWxfYmFzZW5hbWUpKSB7CiAgICAkcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkcGF0aCAtQ2hpbGRQYXRoICRvcmlnaW5hbF9iYXNlbmFtZQp9CgokcmVzdWx0ID0gQHsKICAgIGNoYW5nZWQgPSAkZmFsc2UKfQoKIyBVc2VkIHRvIGRlbGV0ZSBzeW1saW5rcyBhcyBwb3dlcnNoZWxsIGNhbm5vdCBkZWxldGUgYnJva2VuIHN5bWxpbmtzCiRzeW1saW5rX3V0aWwgPSBAIgp1c2luZyBTeXN0ZW07CnVzaW5nIFN5c3RlbS5Db21wb25lbnRNb2RlbDsKdXNpbmcgU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzOwoKbmFtZXNwYWNlIEFuc2libGUuQ29tbWFuZCB7CiAgICBwdWJsaWMgY2xhc3MgU3ltTGlua0hlbHBlciB7CiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgQ2hhclNldD1DaGFyU2V0LlVuaWNvZGUsIFNldExhc3RFcnJvcj10cnVlKV0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4dGVybiBib29sIERlbGV0ZUZpbGVXKHN0cmluZyBscEZpbGVOYW1lKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgQ2hhclNldD1DaGFyU2V0LlVuaWNvZGUsIFNldExhc3RFcnJvcj10cnVlKV0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4dGVybiBib29sIFJlbW92ZURpcmVjdG9yeVcoc3RyaW5nIGxwUGF0aE5hbWUpOwoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgRGVsZXRlRGlyZWN0b3J5KHN0cmluZyBwYXRoKSB7CiAgICAgICAgICAgIGlmICghUmVtb3ZlRGlyZWN0b3J5VyhwYXRoKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiUmVtb3ZlRGlyZWN0b3J5Vyh7MH0pIGZhaWxlZDogezF9IiwgcGF0aCwgbmV3IFdpbjMyRXhjZXB0aW9uKE1hcnNoYWwuR2V0TGFzdFdpbjMyRXJyb3IoKSkuTWVzc2FnZSkpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyB2b2lkIERlbGV0ZUZpbGUoc3RyaW5nIHBhdGgpIHsKICAgICAgICAgICAgaWYgKCFEZWxldGVGaWxlVyhwYXRoKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiRGVsZXRlRmlsZVcoezB9KSBmYWlsZWQ6IHsxfSIsIHBhdGgsIG5ldyBXaW4zMkV4Y2VwdGlvbihNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCkpLk1lc3NhZ2UpKTsKICAgICAgICB9CiAgICB9Cn0KIkAKJG9yaWdpbmFsX3RtcCA9ICRlbnY6VE1QCiRlbnY6VE1QID0gJF9yZW1vdGVfdG1wCkFkZC1UeXBlIC1UeXBlRGVmaW5pdGlvbiAkc3ltbGlua191dGlsCiRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAoKIyBVc2VkIHRvIGRlbGV0ZSBkaXJlY3RvcmllcyBhbmQgZmlsZXMgd2l0aCBsb2dpYyBvbiBoYW5kbGluZyBzeW1ib2xpYyBsaW5rcwpmdW5jdGlvbiBSZW1vdmUtRmlsZSgkZml ScriptBlock ID: 8768abdc-01dd-43ed-95c7-5b87f0104223 Path:	4104	1		3	2	15	0	189	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3364	3136	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:32 PM	ca610e00-1c3c-0000-e40f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAg ScriptBlock ID: 8768abdc-01dd-43ed-95c7-5b87f0104223 Path:	4104	1		3	2	15	0	188	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3364	3136	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:32 PM	ca610e00-1c3c-0000-e40f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	187	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3364	3788	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:31 PM	ca610e00-1c3c-0003-640f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3364 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	186	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3364	3840	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:31 PM	ca610e00-1c3c-0003-640f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	185	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3364	3788	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:31 PM	ca610e00-1c3c-0003-640f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 9f37a18e-abd0-44ba-ae25-6563b1630499 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = e8161395-c177-4989-9ccb-a653968691b1 Pipeline ID = 5 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = N-H2-828168-2\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	184	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	176	3804	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:31 PM	ca610e00-1c3c-0005-ec0f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = "Stop" $params = Parse-Args $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -default $false $_remote_tmp = Get-AnsibleParam $params "_ansible_remote_tmp" -type "path" -default $env:TMP $path = Get-AnsibleParam -obj $params -name "path" -type "path" -failifempty $true -aliases "dest","name" $state = Get-AnsibleParam -obj $params -name "state" -type "str" -validateset "absent","directory","file","touch" # used in template/copy when dest is the path to a dir and source is a file $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" if ((Test-Path -Path $path -PathType Container) -and ($null -ne $original_basename)) { $path = Join-Path -Path $path -ChildPath $original_basename } $result = @{ changed = $false } # Used to delete symlinks as powershell cannot delete broken symlinks $symlink_util = @" using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } } "@ $original_tmp = $env:TMP $env:TMP = $_remote_tmp Add-Type -TypeDefinition $symlink_util $env:TMP = $original_tmp # Used to delete directories and files with logic on handling symbolic links function Remove-File($file, $checkmode) { try { if ($file.Attributes -band [System.IO.FileAttributes]::ReparsePoint) { # Bug with powershell, if you try and delete a symbolic link that is pointing # to an invalid path it will fail, using Win32 API to do this instead if ($file.PSIsContainer) { if (-not $checkmode) { [Ansible.Command.SymLinkHelper]::DeleteDirectory($file.FullName) } } else { if (-not $checkmode) { [Ansible.Command.SymlinkHelper]::DeleteFile($file.FullName) } } } elseif ($file.PSIsContainer) { Remove-Directory -directory $file -checkmode $checkmode } else { Remove-Item -LiteralPath $file.FullName -Force -WhatIf:$checkmode } } catch [Exception] { Fail-Json $result "Failed to delete $($file.FullName): $($_.Exception.Message)" } } function Remove-Directory($directory, $checkmode) { foreach ($file in Get-ChildItem $directory.FullName) { Remove-File -file $file -checkmode $checkmode } Remove-Item -LiteralPath $directory.FullName -Force -Recurse -WhatIf:$checkmode } if ($state -eq "touch") { if (Test-Path -LiteralPath $path) { if (-not $check_mode) { (Get-ChildItem -LiteralPath $path).LastWriteTime = Get-Date } $result.changed = $true } else { Write-Output $null | Out-File -LiteralPath $path -Encoding ASCII -WhatIf:$check_mode $result.changed = $true } } if (Test-Path -LiteralPath $path) { $fileinfo = Get-Item -LiteralPath $path if ($state -eq "absent") { Remove-File -file $fileinfo -checkmode $check_mode $result.changed = $true } else { if ($state -eq "directory" -and -not $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a directory" } if ($state -eq "file" -and $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a file" } } } else { # If state is not supplied, test the $path to see if it looks like # a file or a folder and set state to file or folder if ($state -eq $null) { $basename = Split-Path -Path $path -Leaf if ($basename.length -gt 0) { $state = "file" } else { $state = "directory" } } if ($state -eq "directory") { try { New-Item -Path $path -ItemType Directory -WhatIf:$check_mode | Out-Null } catch { if ($_.CategoryInfo.Category -eq "ResourceExists") { $fileinfo = Get-Item -LiteralPath $_.CategoryInfo.TargetName if ($state -eq "directory" -and -not $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a directory" } } else { Fail-Json $result $_.Exception.Message } } $result.changed = $true } elseif ($state -eq "file") { Fail-Json $result "path $path will not be created" } } Exit-Json $result ScriptBlock ID: d4c00f90-c0ce-453e-a985-dcf078189bca Path:	4104	1		3	2	15	0	183	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	176	3804	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:31 PM	ca610e00-1c3c-0001-fb0f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 4a2a1bb4-ba65-4b3b-b1fa-17abba97d439 Path:	4104	1		3	2	15	0	182	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	176	2824	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:31 PM	ca610e00-1c3c-0003-610f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: a9234764-bf85-4bef-b8d7-104e8fa099a5 Path:	4104	1		3	2	15	0	181	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	176	2824	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:30 PM	ca610e00-1c3c-0001-e80f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): gICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKCiRFcnJvckFjdGlvblByZWZlcmVuY2UgPSAiU3RvcCIKCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCgokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtZGVmYXVsdCAkZmFsc2UKJF9yZW1vdGVfdG1wID0gR2V0LUFuc2libGVQYXJhbSAkcGFyYW1zICJfYW5zaWJsZV9yZW1vdGVfdG1wIiAtdHlwZSAicGF0aCIgLWRlZmF1bHQgJGVudjpUTVAKCiRwYXRoID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInBhdGgiIC10eXBlICJwYXRoIiAtZmFpbGlmZW1wdHkgJHRydWUgLWFsaWFzZXMgImRlc3QiLCJuYW1lIgokc3RhdGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RhdGUiIC10eXBlICJzdHIiIC12YWxpZGF0ZXNldCAiYWJzZW50IiwiZGlyZWN0b3J5IiwiZmlsZSIsInRvdWNoIgoKIyB1c2VkIGluIHRlbXBsYXRlL2NvcHkgd2hlbiBkZXN0IGlzIHRoZSBwYXRoIHRvIGEgZGlyIGFuZCBzb3VyY2UgaXMgYSBmaWxlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCmlmICgoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBDb250YWluZXIpIC1hbmQgKCRudWxsIC1uZSAkb3JpZ2luYWxfYmFzZW5hbWUpKSB7CiAgICAkcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkcGF0aCAtQ2hpbGRQYXRoICRvcmlnaW5hbF9iYXNlbmFtZQp9CgokcmVzdWx0ID0gQHsKICAgIGNoYW5nZWQgPSAkZmFsc2UKfQoKIyBVc2VkIHRvIGRlbGV0ZSBzeW1saW5rcyBhcyBwb3dlcnNoZWxsIGNhbm5vdCBkZWxldGUgYnJva2VuIHN5bWxpbmtzCiRzeW1saW5rX3V0aWwgPSBAIgp1c2luZyBTeXN0ZW07CnVzaW5nIFN5c3RlbS5Db21wb25lbnRNb2RlbDsKdXNpbmcgU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzOwoKbmFtZXNwYWNlIEFuc2libGUuQ29tbWFuZCB7CiAgICBwdWJsaWMgY2xhc3MgU3ltTGlua0hlbHBlciB7CiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgQ2hhclNldD1DaGFyU2V0LlVuaWNvZGUsIFNldExhc3RFcnJvcj10cnVlKV0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4dGVybiBib29sIERlbGV0ZUZpbGVXKHN0cmluZyBscEZpbGVOYW1lKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgQ2hhclNldD1DaGFyU2V0LlVuaWNvZGUsIFNldExhc3RFcnJvcj10cnVlKV0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4dGVybiBib29sIFJlbW92ZURpcmVjdG9yeVcoc3RyaW5nIGxwUGF0aE5hbWUpOwoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgRGVsZXRlRGlyZWN0b3J5KHN0cmluZyBwYXRoKSB7CiAgICAgICAgICAgIGlmICghUmVtb3ZlRGlyZWN0b3J5VyhwYXRoKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiUmVtb3ZlRGlyZWN0b3J5Vyh7MH0pIGZhaWxlZDogezF9IiwgcGF0aCwgbmV3IFdpbjMyRXhjZXB0aW9uKE1hcnNoYWwuR2V0TGFzdFdpbjMyRXJyb3IoKSkuTWVzc2FnZSkpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyB2b2lkIERlbGV0ZUZpbGUoc3RyaW5nIHBhdGgpIHsKICAgICAgICAgICAgaWYgKCFEZWxldGVGaWxlVyhwYXRoKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiRGVsZXRlRmlsZVcoezB9KSBmYWlsZWQ6IHsxfSIsIHBhdGgsIG5ldyBXaW4zMkV4Y2VwdGlvbihNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCkpLk1lc3NhZ2UpKTsKICAgICAgICB9CiAgICB9Cn0KIkAKJG9yaWdpbmFsX3RtcCA9ICRlbnY6VE1QCiRlbnY6VE1QID0gJF9yZW1vdGVfdG1wCkFkZC1UeXBlIC1UeXBlRGVmaW5pdGlvbiAkc3ltbGlua191dGlsCiRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAoKIyBVc2VkIHRvIGRlbGV0ZSBkaXJlY3RvcmllcyBhbmQgZmlsZXMgd2l0aCBsb2dpYyBvbiBoYW5kbGluZyBzeW1ib2xpYyBsaW5rcwpmdW5jdGlvbiBSZW1vdmUtRmlsZSgkZmlsZSwgJGNoZWNrbW9kZSkgewogICAgdHJ5IHsKICAgICAgICBpZiAoJGZpbGUuQXR0cmlidXRlcyAtYmFuZCBbU3lzdGVtLklPLkZpbGVBdHRyaWJ1dGVzXTo6UmVwYXJzZVBvaW50KSB7CiAgICAgICAgICAgICMgQnVnIHdpdGggcG93ZXJzaGVsbCwgaWYgeW91IHRyeSBhbmQgZGVsZXRlIGEgc3ltYm9saWMgbGluayB0aGF0IGlzIHBvaW50aW5nCiAgICAgICAgICAgICMgdG8gYW4gaW52YWxpZCBwYXRoIGl0IHdpbGwgZmFpbCwgdXNpbmcgV2luMzIgQVBJIHRvIGRvIHRoaXMgaW5zdGVhZAogICAgICAgICAgICBpZiAoJGZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrbW9kZSkgewogICAgICAgICAgICAgICAgICAgIFtBbnNpYmxlLkNvbW1hbmQuU3ltTGlua0hlbHBlcl06OkRlbGV0ZURpcmVjdG9yeSgkZmlsZS5GdWxsTmFtZSkKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgtbm90ICRjaGVja21vZGUpIHsKICAgICAgICAgICAgICAgICAgICBbQW5zaWJsZS5Db21tYW5kLlN5bWxpbmtIZWxwZXJdOjpEZWxldGVGaWxlKCRmaWxlLkZ1bGxOYW1lKQogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgUmVtb3ZlLURpcmVjdG9yeSAtZGlyZWN0b3J5ICRmaWxlIC1jaGVja21vZGUgJGNoZWNrbW9kZQogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIFJlbW92ZS1JdGVtIC1MaXRlcmFsUGF0aCAkZmlsZS5GdWxsTmFtZSAtRm9yY2UgLVdoYXRJZjokY2hlY2ttb2RlCiAgICAgICAgfQogICAgfSBjYXRjaCBbRXhjZXB0aW9uXSB7CiAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgIkZhaWxlZCB0byBkZWxldGUgJCgkZmlsZS5GdWxsTmFtZSk6ICQoJF8uRXhjZXB0aW9uLk1lc3NhZ2UpIgogICAgfQp9CgpmdW5jdGlvbiBSZW1vdmUtRGlyZWN0b3J5KCRkaXJlY3RvcnksICRjaGVja21vZGUpIHsKICAgIGZvcmVhY2ggKCRmaWxlIGluIEdldC1DaGlsZEl0ZW0gJGRpcmVjdG9yeS5GdWxsTmFtZSkgewogICAgICAgIFJlbW92ZS1GaWxlIC1maWxlICRmaWxlIC1jaGVja21vZGUgJGNoZWNrbW9kZQogICAgfQogICAgUmVtb3ZlLUl0ZW0gLUxpdGVyYWxQYXRoICRkaXJlY3RvcnkuRnVsbE5hbWUgLUZvcmNlIC1SZWN1cnNlIC1XaGF0SWY6JGNoZWNrbW9kZQp9CgoKaWYgKCRzdGF0ZSAtZXEgInRvdWNoIikgewogICAgaWYgKFRlc3QtUGF0aCAtTGl0ZXJhbFBhdGggJHBhdGgpIHsKICAgICAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSkgewogICAgICAgICAgICAoR2V0LUNoaWxkSXRlbSAtTGl0ZXJhbFBhdGggJHBhdGgpLkxhc3RXcml0ZVRpbWUgPSBHZXQtRGF0ZQogICAgICAgIH0KICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfSBlbHNlIHsKICAgICAgICBXcml0ZS1PdXRwdXQgJG51bGwgfCBPdXQtRmlsZSAtTGl0ZXJhbFBhdGggJHBhdGggLUVuY29kaW5nIEFTQ0lJIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQp9CgppZiAoVGVzdC1QYXRoIC1MaXRlcmFsUGF0aCAkcGF0aCkgewogICAgJGZpbGVpbmZvID0gR2V0LUl0ZW0gLUxpdGVyYWxQYXRoICRwYXRoCiAgICBpZiAoJHN0YXRlIC1lcSAiYWJzZW50IikgewogICAgICAgIFJlbW92ZS1GaWxlIC1maWxlICRmaWxlaW5mbyAtY2hlY2ttb2RlICRjaGVja19tb2RlCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgaWYgKCRzdGF0ZSAtZXEgImRpcmVjdG9yeSIgLWFuZCAtbm90ICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJwYXRoICRwYXRoIGlzIG5vdCBhIGRpcmVjdG9yeSIKICAgICAgICB9CgogICAgICAgIGlmICgkc3RhdGUgLWVxICJmaWxlIiAtYW5kICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJwYXRoICRwYXRoIGlzIG5vdCBhIGZpbGUiCiAgICAgICAgfQogICAgfQoKfSBlbHNlIHsKCiAgICAjIElmIHN0YXRlIGlzIG5vdCBzdXBwbGllZCwgdGVzdCB0aGUgJHBhdGggdG8gc2VlIGlmIGl0IGxvb2tzIGxpa2UKICAgICMgYSBmaWxlIG9yIGEgZm9sZGVyIGFuZCBzZXQgc3RhdGUgdG8gZmlsZSBvciBmb2xkZXIKICAgIGlmICgkc3RhdGUgLWVxICRudWxsKSB7CiAgICAgICAgJGJhc2VuYW1lID0gU3BsaXQtUGF0aCAtUGF0aCAkcGF0aCAtTGVhZgogICAgICAgIGlmICgkYmFzZW5hbWUubGVuZ3RoIC1ndCAwKSB7CiAgICAgICAgICAgJHN0YXRlID0gImZpbGUiCiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAkc3RhdGUgPSAiZGlyZWN0b3J5IgogICAgICAgIH0KICAgIH0KCiAgICBpZiAoJHN0YXRlIC1lcSAiZGlyZWN0b3J5IikgewogICAgICAgIHRyeSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXRoIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgIGlmICgkXy5DYXRlZ29yeUluZm8uQ2F0ZWdvcnkgLWVxICJSZXNvdXJjZUV4aXN0cyIpIHsKICAgICAgICAgICAgICAgICRmaWxlaW5mbyA9IEdldC1JdGVtIC1MaXRlcmFsUGF0aCAkXy5DYXRlZ29yeUluZm8uVGFyZ2V0TmFtZQogICAgICAgICAgICAgICAgaWYgKCRzdGF0ZSAtZXEgImRpcmVjdG9yeSIgLWFuZCAtbm90ICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgInBhdGggJHBhdGggaXMgbm90IGEgZGlyZWN0b3J5IgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICAgICAgfQogICAgICAgIH0KICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfSBlbHNlaWYgKCRzdGF0ZSAtZXEgImZpbGUiKSB7CiAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgInBhdGggJHBhdGggd2lsbCBub3QgYmUgY3JlYXRlZCIKICAgIH0KCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_syslog_facility": "LOG_USER", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_file", "_ansible_remote_tmp": "%TEMP%", "_ansible_check_mode": false, "_ansible_keep_remote_files": false, "_ansible_verbosity": 4, "_ansible_socket": null, "state": "directory", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "path": "c:\\python38", "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 941baa73-67f0-4266-b94e-e8a1d09b4007 Path:	4104	1		3	2	15	0	180	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	176	2824	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:30 PM	ca610e00-1c3c-0001-e20f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwo ScriptBlock ID: 941baa73-67f0-4266-b94e-e8a1d09b4007 Path:	4104	1		3	2	15	0	179	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	176	2824	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:30 PM	ca610e00-1c3c-0001-e20f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	178	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	176	2016	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:30 PM	ca610e00-1c3c-0004-400f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 176 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	177	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	176	3344	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:30 PM	ca610e00-1c3c-0004-400f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	176	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	176	2016	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:30 PM	ca610e00-1c3c-0004-400f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = c865422b-d96d-4972-bdd7-c0ef3fa11065 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = d1cb636c-4f11-4f19-a22c-2a2ce37673df Pipeline ID = 5 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = N-H2-828168-2\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	175	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1484	1164	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:30 PM	ca610e00-1c3c-0000-d90f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = "Stop" $params = Parse-Args $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -default $false $_remote_tmp = Get-AnsibleParam $params "_ansible_remote_tmp" -type "path" -default $env:TMP $path = Get-AnsibleParam -obj $params -name "path" -type "path" -failifempty $true -aliases "dest","name" $state = Get-AnsibleParam -obj $params -name "state" -type "str" -validateset "absent","directory","file","touch" # used in template/copy when dest is the path to a dir and source is a file $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" if ((Test-Path -Path $path -PathType Container) -and ($null -ne $original_basename)) { $path = Join-Path -Path $path -ChildPath $original_basename } $result = @{ changed = $false } # Used to delete symlinks as powershell cannot delete broken symlinks $symlink_util = @" using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } } "@ $original_tmp = $env:TMP $env:TMP = $_remote_tmp Add-Type -TypeDefinition $symlink_util $env:TMP = $original_tmp # Used to delete directories and files with logic on handling symbolic links function Remove-File($file, $checkmode) { try { if ($file.Attributes -band [System.IO.FileAttributes]::ReparsePoint) { # Bug with powershell, if you try and delete a symbolic link that is pointing # to an invalid path it will fail, using Win32 API to do this instead if ($file.PSIsContainer) { if (-not $checkmode) { [Ansible.Command.SymLinkHelper]::DeleteDirectory($file.FullName) } } else { if (-not $checkmode) { [Ansible.Command.SymlinkHelper]::DeleteFile($file.FullName) } } } elseif ($file.PSIsContainer) { Remove-Directory -directory $file -checkmode $checkmode } else { Remove-Item -LiteralPath $file.FullName -Force -WhatIf:$checkmode } } catch [Exception] { Fail-Json $result "Failed to delete $($file.FullName): $($_.Exception.Message)" } } function Remove-Directory($directory, $checkmode) { foreach ($file in Get-ChildItem $directory.FullName) { Remove-File -file $file -checkmode $checkmode } Remove-Item -LiteralPath $directory.FullName -Force -Recurse -WhatIf:$checkmode } if ($state -eq "touch") { if (Test-Path -LiteralPath $path) { if (-not $check_mode) { (Get-ChildItem -LiteralPath $path).LastWriteTime = Get-Date } $result.changed = $true } else { Write-Output $null | Out-File -LiteralPath $path -Encoding ASCII -WhatIf:$check_mode $result.changed = $true } } if (Test-Path -LiteralPath $path) { $fileinfo = Get-Item -LiteralPath $path if ($state -eq "absent") { Remove-File -file $fileinfo -checkmode $check_mode $result.changed = $true } else { if ($state -eq "directory" -and -not $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a directory" } if ($state -eq "file" -and $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a file" } } } else { # If state is not supplied, test the $path to see if it looks like # a file or a folder and set state to file or folder if ($state -eq $null) { $basename = Split-Path -Path $path -Leaf if ($basename.length -gt 0) { $state = "file" } else { $state = "directory" } } if ($state -eq "directory") { try { New-Item -Path $path -ItemType Directory -WhatIf:$check_mode | Out-Null } catch { if ($_.CategoryInfo.Category -eq "ResourceExists") { $fileinfo = Get-Item -LiteralPath $_.CategoryInfo.TargetName if ($state -eq "directory" -and -not $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a directory" } } else { Fail-Json $result $_.Exception.Message } } $result.changed = $true } elseif ($state -eq "file") { Fail-Json $result "path $path will not be created" } } Exit-Json $result ScriptBlock ID: bf871475-84f2-4a3c-bb53-a8155e6bfd4a Path:	4104	1		3	2	15	0	174	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1484	1164	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:30 PM	ca610e00-1c3c-0003-520f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 55d0f409-b66f-4bac-9299-ba5d9d13fdf9 Path:	4104	1		3	2	15	0	173	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1484	3960	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:29 PM	ca610e00-1c3c-0003-450f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 17bac7c6-94b8-417c-a1f8-136d53169072 Path:	4104	1		3	2	15	0	172	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1484	3960	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:29 PM	ca610e00-1c3c-0003-360f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): zY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKCiRFcnJvckFjdGlvblByZWZlcmVuY2UgPSAiU3RvcCIKCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCgokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtZGVmYXVsdCAkZmFsc2UKJF9yZW1vdGVfdG1wID0gR2V0LUFuc2libGVQYXJhbSAkcGFyYW1zICJfYW5zaWJsZV9yZW1vdGVfdG1wIiAtdHlwZSAicGF0aCIgLWRlZmF1bHQgJGVudjpUTVAKCiRwYXRoID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInBhdGgiIC10eXBlICJwYXRoIiAtZmFpbGlmZW1wdHkgJHRydWUgLWFsaWFzZXMgImRlc3QiLCJuYW1lIgokc3RhdGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RhdGUiIC10eXBlICJzdHIiIC12YWxpZGF0ZXNldCAiYWJzZW50IiwiZGlyZWN0b3J5IiwiZmlsZSIsInRvdWNoIgoKIyB1c2VkIGluIHRlbXBsYXRlL2NvcHkgd2hlbiBkZXN0IGlzIHRoZSBwYXRoIHRvIGEgZGlyIGFuZCBzb3VyY2UgaXMgYSBmaWxlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCmlmICgoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBDb250YWluZXIpIC1hbmQgKCRudWxsIC1uZSAkb3JpZ2luYWxfYmFzZW5hbWUpKSB7CiAgICAkcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkcGF0aCAtQ2hpbGRQYXRoICRvcmlnaW5hbF9iYXNlbmFtZQp9CgokcmVzdWx0ID0gQHsKICAgIGNoYW5nZWQgPSAkZmFsc2UKfQoKIyBVc2VkIHRvIGRlbGV0ZSBzeW1saW5rcyBhcyBwb3dlcnNoZWxsIGNhbm5vdCBkZWxldGUgYnJva2VuIHN5bWxpbmtzCiRzeW1saW5rX3V0aWwgPSBAIgp1c2luZyBTeXN0ZW07CnVzaW5nIFN5c3RlbS5Db21wb25lbnRNb2RlbDsKdXNpbmcgU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzOwoKbmFtZXNwYWNlIEFuc2libGUuQ29tbWFuZCB7CiAgICBwdWJsaWMgY2xhc3MgU3ltTGlua0hlbHBlciB7CiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgQ2hhclNldD1DaGFyU2V0LlVuaWNvZGUsIFNldExhc3RFcnJvcj10cnVlKV0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4dGVybiBib29sIERlbGV0ZUZpbGVXKHN0cmluZyBscEZpbGVOYW1lKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgQ2hhclNldD1DaGFyU2V0LlVuaWNvZGUsIFNldExhc3RFcnJvcj10cnVlKV0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4dGVybiBib29sIFJlbW92ZURpcmVjdG9yeVcoc3RyaW5nIGxwUGF0aE5hbWUpOwoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgRGVsZXRlRGlyZWN0b3J5KHN0cmluZyBwYXRoKSB7CiAgICAgICAgICAgIGlmICghUmVtb3ZlRGlyZWN0b3J5VyhwYXRoKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiUmVtb3ZlRGlyZWN0b3J5Vyh7MH0pIGZhaWxlZDogezF9IiwgcGF0aCwgbmV3IFdpbjMyRXhjZXB0aW9uKE1hcnNoYWwuR2V0TGFzdFdpbjMyRXJyb3IoKSkuTWVzc2FnZSkpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyB2b2lkIERlbGV0ZUZpbGUoc3RyaW5nIHBhdGgpIHsKICAgICAgICAgICAgaWYgKCFEZWxldGVGaWxlVyhwYXRoKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiRGVsZXRlRmlsZVcoezB9KSBmYWlsZWQ6IHsxfSIsIHBhdGgsIG5ldyBXaW4zMkV4Y2VwdGlvbihNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCkpLk1lc3NhZ2UpKTsKICAgICAgICB9CiAgICB9Cn0KIkAKJG9yaWdpbmFsX3RtcCA9ICRlbnY6VE1QCiRlbnY6VE1QID0gJF9yZW1vdGVfdG1wCkFkZC1UeXBlIC1UeXBlRGVmaW5pdGlvbiAkc3ltbGlua191dGlsCiRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAoKIyBVc2VkIHRvIGRlbGV0ZSBkaXJlY3RvcmllcyBhbmQgZmlsZXMgd2l0aCBsb2dpYyBvbiBoYW5kbGluZyBzeW1ib2xpYyBsaW5rcwpmdW5jdGlvbiBSZW1vdmUtRmlsZSgkZmlsZSwgJGNoZWNrbW9kZSkgewogICAgdHJ5IHsKICAgICAgICBpZiAoJGZpbGUuQXR0cmlidXRlcyAtYmFuZCBbU3lzdGVtLklPLkZpbGVBdHRyaWJ1dGVzXTo6UmVwYXJzZVBvaW50KSB7CiAgICAgICAgICAgICMgQnVnIHdpdGggcG93ZXJzaGVsbCwgaWYgeW91IHRyeSBhbmQgZGVsZXRlIGEgc3ltYm9saWMgbGluayB0aGF0IGlzIHBvaW50aW5nCiAgICAgICAgICAgICMgdG8gYW4gaW52YWxpZCBwYXRoIGl0IHdpbGwgZmFpbCwgdXNpbmcgV2luMzIgQVBJIHRvIGRvIHRoaXMgaW5zdGVhZAogICAgICAgICAgICBpZiAoJGZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrbW9kZSkgewogICAgICAgICAgICAgICAgICAgIFtBbnNpYmxlLkNvbW1hbmQuU3ltTGlua0hlbHBlcl06OkRlbGV0ZURpcmVjdG9yeSgkZmlsZS5GdWxsTmFtZSkKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgtbm90ICRjaGVja21vZGUpIHsKICAgICAgICAgICAgICAgICAgICBbQW5zaWJsZS5Db21tYW5kLlN5bWxpbmtIZWxwZXJdOjpEZWxldGVGaWxlKCRmaWxlLkZ1bGxOYW1lKQogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgUmVtb3ZlLURpcmVjdG9yeSAtZGlyZWN0b3J5ICRmaWxlIC1jaGVja21vZGUgJGNoZWNrbW9kZQogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIFJlbW92ZS1JdGVtIC1MaXRlcmFsUGF0aCAkZmlsZS5GdWxsTmFtZSAtRm9yY2UgLVdoYXRJZjokY2hlY2ttb2RlCiAgICAgICAgfQogICAgfSBjYXRjaCBbRXhjZXB0aW9uXSB7CiAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgIkZhaWxlZCB0byBkZWxldGUgJCgkZmlsZS5GdWxsTmFtZSk6ICQoJF8uRXhjZXB0aW9uLk1lc3NhZ2UpIgogICAgfQp9CgpmdW5jdGlvbiBSZW1vdmUtRGlyZWN0b3J5KCRkaXJlY3RvcnksICRjaGVja21vZGUpIHsKICAgIGZvcmVhY2ggKCRmaWxlIGluIEdldC1DaGlsZEl0ZW0gJGRpcmVjdG9yeS5GdWxsTmFtZSkgewogICAgICAgIFJlbW92ZS1GaWxlIC1maWxlICRmaWxlIC1jaGVja21vZGUgJGNoZWNrbW9kZQogICAgfQogICAgUmVtb3ZlLUl0ZW0gLUxpdGVyYWxQYXRoICRkaXJlY3RvcnkuRnVsbE5hbWUgLUZvcmNlIC1SZWN1cnNlIC1XaGF0SWY6JGNoZWNrbW9kZQp9CgoKaWYgKCRzdGF0ZSAtZXEgInRvdWNoIikgewogICAgaWYgKFRlc3QtUGF0aCAtTGl0ZXJhbFBhdGggJHBhdGgpIHsKICAgICAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSkgewogICAgICAgICAgICAoR2V0LUNoaWxkSXRlbSAtTGl0ZXJhbFBhdGggJHBhdGgpLkxhc3RXcml0ZVRpbWUgPSBHZXQtRGF0ZQogICAgICAgIH0KICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfSBlbHNlIHsKICAgICAgICBXcml0ZS1PdXRwdXQgJG51bGwgfCBPdXQtRmlsZSAtTGl0ZXJhbFBhdGggJHBhdGggLUVuY29kaW5nIEFTQ0lJIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQp9CgppZiAoVGVzdC1QYXRoIC1MaXRlcmFsUGF0aCAkcGF0aCkgewogICAgJGZpbGVpbmZvID0gR2V0LUl0ZW0gLUxpdGVyYWxQYXRoICRwYXRoCiAgICBpZiAoJHN0YXRlIC1lcSAiYWJzZW50IikgewogICAgICAgIFJlbW92ZS1GaWxlIC1maWxlICRmaWxlaW5mbyAtY2hlY2ttb2RlICRjaGVja19tb2RlCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgaWYgKCRzdGF0ZSAtZXEgImRpcmVjdG9yeSIgLWFuZCAtbm90ICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJwYXRoICRwYXRoIGlzIG5vdCBhIGRpcmVjdG9yeSIKICAgICAgICB9CgogICAgICAgIGlmICgkc3RhdGUgLWVxICJmaWxlIiAtYW5kICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJwYXRoICRwYXRoIGlzIG5vdCBhIGZpbGUiCiAgICAgICAgfQogICAgfQoKfSBlbHNlIHsKCiAgICAjIElmIHN0YXRlIGlzIG5vdCBzdXBwbGllZCwgdGVzdCB0aGUgJHBhdGggdG8gc2VlIGlmIGl0IGxvb2tzIGxpa2UKICAgICMgYSBmaWxlIG9yIGEgZm9sZGVyIGFuZCBzZXQgc3RhdGUgdG8gZmlsZSBvciBmb2xkZXIKICAgIGlmICgkc3RhdGUgLWVxICRudWxsKSB7CiAgICAgICAgJGJhc2VuYW1lID0gU3BsaXQtUGF0aCAtUGF0aCAkcGF0aCAtTGVhZgogICAgICAgIGlmICgkYmFzZW5hbWUubGVuZ3RoIC1ndCAwKSB7CiAgICAgICAgICAgJHN0YXRlID0gImZpbGUiCiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAkc3RhdGUgPSAiZGlyZWN0b3J5IgogICAgICAgIH0KICAgIH0KCiAgICBpZiAoJHN0YXRlIC1lcSAiZGlyZWN0b3J5IikgewogICAgICAgIHRyeSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXRoIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgIGlmICgkXy5DYXRlZ29yeUluZm8uQ2F0ZWdvcnkgLWVxICJSZXNvdXJjZUV4aXN0cyIpIHsKICAgICAgICAgICAgICAgICRmaWxlaW5mbyA9IEdldC1JdGVtIC1MaXRlcmFsUGF0aCAkXy5DYXRlZ29yeUluZm8uVGFyZ2V0TmFtZQogICAgICAgICAgICAgICAgaWYgKCRzdGF0ZSAtZXEgImRpcmVjdG9yeSIgLWFuZCAtbm90ICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgInBhdGggJHBhdGggaXMgbm90IGEgZGlyZWN0b3J5IgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICAgICAgfQogICAgICAgIH0KICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfSBlbHNlaWYgKCRzdGF0ZSAtZXEgImZpbGUiKSB7CiAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgInBhdGggJHBhdGggd2lsbCBub3QgYmUgY3JlYXRlZCIKICAgIH0KCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_syslog_facility": "LOG_USER", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_file", "_ansible_remote_tmp": "%TEMP%", "_ansible_check_mode": false, "_ansible_keep_remote_files": false, "_ansible_verbosity": 4, "_ansible_socket": null, "state": "directory", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "path": "c:\\openstack\\etc", "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: c0ec9f74-576a-4102-b6f6-517a4231f5c2 Path:	4104	1		3	2	15	0	171	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1484	3960	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:29 PM	ca610e00-1c3c-0003-300f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiB ScriptBlock ID: c0ec9f74-576a-4102-b6f6-517a4231f5c2 Path:	4104	1		3	2	15	0	170	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1484	3960	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:29 PM	ca610e00-1c3c-0003-300f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	169	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1484	3800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:29 PM	ca610e00-1c3c-0004-350f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1484 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	168	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1484	4016	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:29 PM	ca610e00-1c3c-0004-350f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	167	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1484	3800	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:29 PM	ca610e00-1c3c-0004-350f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 97a69fe8-c810-42b2-9e00-c541c4bceb41 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = b8ea98ed-968c-4578-93eb-3e7714edb322 Pipeline ID = 5 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = N-H2-828168-2\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	166	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4060	1460	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:29 PM	ca610e00-1c3c-0002-5910-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = "Stop" $params = Parse-Args $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -default $false $_remote_tmp = Get-AnsibleParam $params "_ansible_remote_tmp" -type "path" -default $env:TMP $path = Get-AnsibleParam -obj $params -name "path" -type "path" -failifempty $true -aliases "dest","name" $state = Get-AnsibleParam -obj $params -name "state" -type "str" -validateset "absent","directory","file","touch" # used in template/copy when dest is the path to a dir and source is a file $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" if ((Test-Path -Path $path -PathType Container) -and ($null -ne $original_basename)) { $path = Join-Path -Path $path -ChildPath $original_basename } $result = @{ changed = $false } # Used to delete symlinks as powershell cannot delete broken symlinks $symlink_util = @" using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } } "@ $original_tmp = $env:TMP $env:TMP = $_remote_tmp Add-Type -TypeDefinition $symlink_util $env:TMP = $original_tmp # Used to delete directories and files with logic on handling symbolic links function Remove-File($file, $checkmode) { try { if ($file.Attributes -band [System.IO.FileAttributes]::ReparsePoint) { # Bug with powershell, if you try and delete a symbolic link that is pointing # to an invalid path it will fail, using Win32 API to do this instead if ($file.PSIsContainer) { if (-not $checkmode) { [Ansible.Command.SymLinkHelper]::DeleteDirectory($file.FullName) } } else { if (-not $checkmode) { [Ansible.Command.SymlinkHelper]::DeleteFile($file.FullName) } } } elseif ($file.PSIsContainer) { Remove-Directory -directory $file -checkmode $checkmode } else { Remove-Item -LiteralPath $file.FullName -Force -WhatIf:$checkmode } } catch [Exception] { Fail-Json $result "Failed to delete $($file.FullName): $($_.Exception.Message)" } } function Remove-Directory($directory, $checkmode) { foreach ($file in Get-ChildItem $directory.FullName) { Remove-File -file $file -checkmode $checkmode } Remove-Item -LiteralPath $directory.FullName -Force -Recurse -WhatIf:$checkmode } if ($state -eq "touch") { if (Test-Path -LiteralPath $path) { if (-not $check_mode) { (Get-ChildItem -LiteralPath $path).LastWriteTime = Get-Date } $result.changed = $true } else { Write-Output $null | Out-File -LiteralPath $path -Encoding ASCII -WhatIf:$check_mode $result.changed = $true } } if (Test-Path -LiteralPath $path) { $fileinfo = Get-Item -LiteralPath $path if ($state -eq "absent") { Remove-File -file $fileinfo -checkmode $check_mode $result.changed = $true } else { if ($state -eq "directory" -and -not $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a directory" } if ($state -eq "file" -and $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a file" } } } else { # If state is not supplied, test the $path to see if it looks like # a file or a folder and set state to file or folder if ($state -eq $null) { $basename = Split-Path -Path $path -Leaf if ($basename.length -gt 0) { $state = "file" } else { $state = "directory" } } if ($state -eq "directory") { try { New-Item -Path $path -ItemType Directory -WhatIf:$check_mode | Out-Null } catch { if ($_.CategoryInfo.Category -eq "ResourceExists") { $fileinfo = Get-Item -LiteralPath $_.CategoryInfo.TargetName if ($state -eq "directory" -and -not $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a directory" } } else { Fail-Json $result $_.Exception.Message } } $result.changed = $true } elseif ($state -eq "file") { Fail-Json $result "path $path will not be created" } } Exit-Json $result ScriptBlock ID: 6970309a-811c-49c8-8770-a20dcc0b2a7f Path:	4104	1		3	2	15	0	165	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4060	1460	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:28 PM	ca610e00-1c3c-0003-280f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 90b53ce7-70f4-4326-98ad-14002c184551 Path:	4104	1		3	2	15	0	164	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4060	1096	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:28 PM	ca610e00-1c3c-0005-bb0f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: bf2362f0-a016-4190-b924-9369e1100cc9 Path:	4104	1		3	2	15	0	163	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4060	1096	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:28 PM	ca610e00-1c3c-0005-ac0f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): gICAgICAgICAgJHN0YXRlID0gImZpbGUiCiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAkc3RhdGUgPSAiZGlyZWN0b3J5IgogICAgICAgIH0KICAgIH0KCiAgICBpZiAoJHN0YXRlIC1lcSAiZGlyZWN0b3J5IikgewogICAgICAgIHRyeSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXRoIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgIGlmICgkXy5DYXRlZ29yeUluZm8uQ2F0ZWdvcnkgLWVxICJSZXNvdXJjZUV4aXN0cyIpIHsKICAgICAgICAgICAgICAgICRmaWxlaW5mbyA9IEdldC1JdGVtIC1MaXRlcmFsUGF0aCAkXy5DYXRlZ29yeUluZm8uVGFyZ2V0TmFtZQogICAgICAgICAgICAgICAgaWYgKCRzdGF0ZSAtZXEgImRpcmVjdG9yeSIgLWFuZCAtbm90ICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgInBhdGggJHBhdGggaXMgbm90IGEgZGlyZWN0b3J5IgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICAgICAgfQogICAgICAgIH0KICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfSBlbHNlaWYgKCRzdGF0ZSAtZXEgImZpbGUiKSB7CiAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgInBhdGggJHBhdGggd2lsbCBub3QgYmUgY3JlYXRlZCIKICAgIH0KCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_syslog_facility": "LOG_USER", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_file", "_ansible_remote_tmp": "%TEMP%", "_ansible_check_mode": false, "_ansible_keep_remote_files": false, "_ansible_verbosity": 4, "_ansible_socket": null, "state": "directory", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "path": "c:\\openstack\\log", "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 11ee1135-dfba-46de-9ad1-edcda8a35bfc Path:	4104	1		3	2	15	0	162	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4060	1096	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:28 PM	ca610e00-1c3c-0000-be0f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): AgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKCiRFcnJvckFjdGlvblByZWZlcmVuY2UgPSAiU3RvcCIKCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCgokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtZGVmYXVsdCAkZmFsc2UKJF9yZW1vdGVfdG1wID0gR2V0LUFuc2libGVQYXJhbSAkcGFyYW1zICJfYW5zaWJsZV9yZW1vdGVfdG1wIiAtdHlwZSAicGF0aCIgLWRlZmF1bHQgJGVudjpUTVAKCiRwYXRoID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInBhdGgiIC10eXBlICJwYXRoIiAtZmFpbGlmZW1wdHkgJHRydWUgLWFsaWFzZXMgImRlc3QiLCJuYW1lIgokc3RhdGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RhdGUiIC10eXBlICJzdHIiIC12YWxpZGF0ZXNldCAiYWJzZW50IiwiZGlyZWN0b3J5IiwiZmlsZSIsInRvdWNoIgoKIyB1c2VkIGluIHRlbXBsYXRlL2NvcHkgd2hlbiBkZXN0IGlzIHRoZSBwYXRoIHRvIGEgZGlyIGFuZCBzb3VyY2UgaXMgYSBmaWxlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCmlmICgoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBDb250YWluZXIpIC1hbmQgKCRudWxsIC1uZSAkb3JpZ2luYWxfYmFzZW5hbWUpKSB7CiAgICAkcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkcGF0aCAtQ2hpbGRQYXRoICRvcmlnaW5hbF9iYXNlbmFtZQp9CgokcmVzdWx0ID0gQHsKICAgIGNoYW5nZWQgPSAkZmFsc2UKfQoKIyBVc2VkIHRvIGRlbGV0ZSBzeW1saW5rcyBhcyBwb3dlcnNoZWxsIGNhbm5vdCBkZWxldGUgYnJva2VuIHN5bWxpbmtzCiRzeW1saW5rX3V0aWwgPSBAIgp1c2luZyBTeXN0ZW07CnVzaW5nIFN5c3RlbS5Db21wb25lbnRNb2RlbDsKdXNpbmcgU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzOwoKbmFtZXNwYWNlIEFuc2libGUuQ29tbWFuZCB7CiAgICBwdWJsaWMgY2xhc3MgU3ltTGlua0hlbHBlciB7CiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgQ2hhclNldD1DaGFyU2V0LlVuaWNvZGUsIFNldExhc3RFcnJvcj10cnVlKV0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4dGVybiBib29sIERlbGV0ZUZpbGVXKHN0cmluZyBscEZpbGVOYW1lKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgQ2hhclNldD1DaGFyU2V0LlVuaWNvZGUsIFNldExhc3RFcnJvcj10cnVlKV0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4dGVybiBib29sIFJlbW92ZURpcmVjdG9yeVcoc3RyaW5nIGxwUGF0aE5hbWUpOwoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgRGVsZXRlRGlyZWN0b3J5KHN0cmluZyBwYXRoKSB7CiAgICAgICAgICAgIGlmICghUmVtb3ZlRGlyZWN0b3J5VyhwYXRoKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiUmVtb3ZlRGlyZWN0b3J5Vyh7MH0pIGZhaWxlZDogezF9IiwgcGF0aCwgbmV3IFdpbjMyRXhjZXB0aW9uKE1hcnNoYWwuR2V0TGFzdFdpbjMyRXJyb3IoKSkuTWVzc2FnZSkpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyB2b2lkIERlbGV0ZUZpbGUoc3RyaW5nIHBhdGgpIHsKICAgICAgICAgICAgaWYgKCFEZWxldGVGaWxlVyhwYXRoKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiRGVsZXRlRmlsZVcoezB9KSBmYWlsZWQ6IHsxfSIsIHBhdGgsIG5ldyBXaW4zMkV4Y2VwdGlvbihNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCkpLk1lc3NhZ2UpKTsKICAgICAgICB9CiAgICB9Cn0KIkAKJG9yaWdpbmFsX3RtcCA9ICRlbnY6VE1QCiRlbnY6VE1QID0gJF9yZW1vdGVfdG1wCkFkZC1UeXBlIC1UeXBlRGVmaW5pdGlvbiAkc3ltbGlua191dGlsCiRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAoKIyBVc2VkIHRvIGRlbGV0ZSBkaXJlY3RvcmllcyBhbmQgZmlsZXMgd2l0aCBsb2dpYyBvbiBoYW5kbGluZyBzeW1ib2xpYyBsaW5rcwpmdW5jdGlvbiBSZW1vdmUtRmlsZSgkZmlsZSwgJGNoZWNrbW9kZSkgewogICAgdHJ5IHsKICAgICAgICBpZiAoJGZpbGUuQXR0cmlidXRlcyAtYmFuZCBbU3lzdGVtLklPLkZpbGVBdHRyaWJ1dGVzXTo6UmVwYXJzZVBvaW50KSB7CiAgICAgICAgICAgICMgQnVnIHdpdGggcG93ZXJzaGVsbCwgaWYgeW91IHRyeSBhbmQgZGVsZXRlIGEgc3ltYm9saWMgbGluayB0aGF0IGlzIHBvaW50aW5nCiAgICAgICAgICAgICMgdG8gYW4gaW52YWxpZCBwYXRoIGl0IHdpbGwgZmFpbCwgdXNpbmcgV2luMzIgQVBJIHRvIGRvIHRoaXMgaW5zdGVhZAogICAgICAgICAgICBpZiAoJGZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrbW9kZSkgewogICAgICAgICAgICAgICAgICAgIFtBbnNpYmxlLkNvbW1hbmQuU3ltTGlua0hlbHBlcl06OkRlbGV0ZURpcmVjdG9yeSgkZmlsZS5GdWxsTmFtZSkKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgtbm90ICRjaGVja21vZGUpIHsKICAgICAgICAgICAgICAgICAgICBbQW5zaWJsZS5Db21tYW5kLlN5bWxpbmtIZWxwZXJdOjpEZWxldGVGaWxlKCRmaWxlLkZ1bGxOYW1lKQogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgUmVtb3ZlLURpcmVjdG9yeSAtZGlyZWN0b3J5ICRmaWxlIC1jaGVja21vZGUgJGNoZWNrbW9kZQogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIFJlbW92ZS1JdGVtIC1MaXRlcmFsUGF0aCAkZmlsZS5GdWxsTmFtZSAtRm9yY2UgLVdoYXRJZjokY2hlY2ttb2RlCiAgICAgICAgfQogICAgfSBjYXRjaCBbRXhjZXB0aW9uXSB7CiAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgIkZhaWxlZCB0byBkZWxldGUgJCgkZmlsZS5GdWxsTmFtZSk6ICQoJF8uRXhjZXB0aW9uLk1lc3NhZ2UpIgogICAgfQp9CgpmdW5jdGlvbiBSZW1vdmUtRGlyZWN0b3J5KCRkaXJlY3RvcnksICRjaGVja21vZGUpIHsKICAgIGZvcmVhY2ggKCRmaWxlIGluIEdldC1DaGlsZEl0ZW0gJGRpcmVjdG9yeS5GdWxsTmFtZSkgewogICAgICAgIFJlbW92ZS1GaWxlIC1maWxlICRmaWxlIC1jaGVja21vZGUgJGNoZWNrbW9kZQogICAgfQogICAgUmVtb3ZlLUl0ZW0gLUxpdGVyYWxQYXRoICRkaXJlY3RvcnkuRnVsbE5hbWUgLUZvcmNlIC1SZWN1cnNlIC1XaGF0SWY6JGNoZWNrbW9kZQp9CgoKaWYgKCRzdGF0ZSAtZXEgInRvdWNoIikgewogICAgaWYgKFRlc3QtUGF0aCAtTGl0ZXJhbFBhdGggJHBhdGgpIHsKICAgICAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSkgewogICAgICAgICAgICAoR2V0LUNoaWxkSXRlbSAtTGl0ZXJhbFBhdGggJHBhdGgpLkxhc3RXcml0ZVRpbWUgPSBHZXQtRGF0ZQogICAgICAgIH0KICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfSBlbHNlIHsKICAgICAgICBXcml0ZS1PdXRwdXQgJG51bGwgfCBPdXQtRmlsZSAtTGl0ZXJhbFBhdGggJHBhdGggLUVuY29kaW5nIEFTQ0lJIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQp9CgppZiAoVGVzdC1QYXRoIC1MaXRlcmFsUGF0aCAkcGF0aCkgewogICAgJGZpbGVpbmZvID0gR2V0LUl0ZW0gLUxpdGVyYWxQYXRoICRwYXRoCiAgICBpZiAoJHN0YXRlIC1lcSAiYWJzZW50IikgewogICAgICAgIFJlbW92ZS1GaWxlIC1maWxlICRmaWxlaW5mbyAtY2hlY2ttb2RlICRjaGVja19tb2RlCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgaWYgKCRzdGF0ZSAtZXEgImRpcmVjdG9yeSIgLWFuZCAtbm90ICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJwYXRoICRwYXRoIGlzIG5vdCBhIGRpcmVjdG9yeSIKICAgICAgICB9CgogICAgICAgIGlmICgkc3RhdGUgLWVxICJmaWxlIiAtYW5kICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJwYXRoICRwYXRoIGlzIG5vdCBhIGZpbGUiCiAgICAgICAgfQogICAgfQoKfSBlbHNlIHsKCiAgICAjIElmIHN0YXRlIGlzIG5vdCBzdXBwbGllZCwgdGVzdCB0aGUgJHBhdGggdG8gc2VlIGlmIGl0IGxvb2tzIGxpa2UKICAgICMgYSBmaWxlIG9yIGEgZm9sZGVyIGFuZCBzZXQgc3RhdGUgdG8gZmlsZSBvciBmb2xkZXIKICAgIGlmICgkc3RhdGUgLWVxICRudWxsKSB7CiAgICAgICAgJGJhc2VuYW1lID0gU3BsaXQtUGF0aCAtUGF0aCAkcGF0aCAtTGVhZgogICAgICAgIGlmICgkYmFzZW5hbWUubGVuZ3RoIC1ndCAwKSB7CiA ScriptBlock ID: 11ee1135-dfba-46de-9ad1-edcda8a35bfc Path:	4104	1		3	2	15	0	161	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4060	1096	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:28 PM	ca610e00-1c3c-0000-be0f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgIC ScriptBlock ID: 11ee1135-dfba-46de-9ad1-edcda8a35bfc Path:	4104	1		3	2	15	0	160	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4060	1096	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:28 PM	ca610e00-1c3c-0000-be0f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	159	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4060	3580	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:28 PM	ca610e00-1c3c-0003-200f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4060 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	158	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4060	3136	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:28 PM	ca610e00-1c3c-0003-200f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	157	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4060	3580	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:27 PM	ca610e00-1c3c-0003-200f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = f49905b0-9e30-4ffe-91a3-394a3a18ceaf Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 49409853-8cfd-4292-ae68-ad1d0acd3bff Pipeline ID = 5 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = N-H2-828168-2\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	156	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3084	2904	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:27 PM	ca610e00-1c3c-0002-4c10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = "Stop" $params = Parse-Args $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -default $false $_remote_tmp = Get-AnsibleParam $params "_ansible_remote_tmp" -type "path" -default $env:TMP $path = Get-AnsibleParam -obj $params -name "path" -type "path" -failifempty $true -aliases "dest","name" $state = Get-AnsibleParam -obj $params -name "state" -type "str" -validateset "absent","directory","file","touch" # used in template/copy when dest is the path to a dir and source is a file $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" if ((Test-Path -Path $path -PathType Container) -and ($null -ne $original_basename)) { $path = Join-Path -Path $path -ChildPath $original_basename } $result = @{ changed = $false } # Used to delete symlinks as powershell cannot delete broken symlinks $symlink_util = @" using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } } "@ $original_tmp = $env:TMP $env:TMP = $_remote_tmp Add-Type -TypeDefinition $symlink_util $env:TMP = $original_tmp # Used to delete directories and files with logic on handling symbolic links function Remove-File($file, $checkmode) { try { if ($file.Attributes -band [System.IO.FileAttributes]::ReparsePoint) { # Bug with powershell, if you try and delete a symbolic link that is pointing # to an invalid path it will fail, using Win32 API to do this instead if ($file.PSIsContainer) { if (-not $checkmode) { [Ansible.Command.SymLinkHelper]::DeleteDirectory($file.FullName) } } else { if (-not $checkmode) { [Ansible.Command.SymlinkHelper]::DeleteFile($file.FullName) } } } elseif ($file.PSIsContainer) { Remove-Directory -directory $file -checkmode $checkmode } else { Remove-Item -LiteralPath $file.FullName -Force -WhatIf:$checkmode } } catch [Exception] { Fail-Json $result "Failed to delete $($file.FullName): $($_.Exception.Message)" } } function Remove-Directory($directory, $checkmode) { foreach ($file in Get-ChildItem $directory.FullName) { Remove-File -file $file -checkmode $checkmode } Remove-Item -LiteralPath $directory.FullName -Force -Recurse -WhatIf:$checkmode } if ($state -eq "touch") { if (Test-Path -LiteralPath $path) { if (-not $check_mode) { (Get-ChildItem -LiteralPath $path).LastWriteTime = Get-Date } $result.changed = $true } else { Write-Output $null | Out-File -LiteralPath $path -Encoding ASCII -WhatIf:$check_mode $result.changed = $true } } if (Test-Path -LiteralPath $path) { $fileinfo = Get-Item -LiteralPath $path if ($state -eq "absent") { Remove-File -file $fileinfo -checkmode $check_mode $result.changed = $true } else { if ($state -eq "directory" -and -not $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a directory" } if ($state -eq "file" -and $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a file" } } } else { # If state is not supplied, test the $path to see if it looks like # a file or a folder and set state to file or folder if ($state -eq $null) { $basename = Split-Path -Path $path -Leaf if ($basename.length -gt 0) { $state = "file" } else { $state = "directory" } } if ($state -eq "directory") { try { New-Item -Path $path -ItemType Directory -WhatIf:$check_mode | Out-Null } catch { if ($_.CategoryInfo.Category -eq "ResourceExists") { $fileinfo = Get-Item -LiteralPath $_.CategoryInfo.TargetName if ($state -eq "directory" -and -not $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a directory" } } else { Fail-Json $result $_.Exception.Message } } $result.changed = $true } elseif ($state -eq "file") { Fail-Json $result "path $path will not be created" } } Exit-Json $result ScriptBlock ID: 7e0e4b27-cc44-4a05-a917-d98118914e35 Path:	4104	1		3	2	15	0	155	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3084	2904	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:27 PM	ca610e00-1c3c-0002-3d10-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 169c1e71-1c72-4da6-8f65-fb8dba779528 Path:	4104	1		3	2	15	0	154	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3084	1780	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:27 PM	ca610e00-1c3c-0005-9f0f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: a50b775e-c02d-44d6-bfe8-b08d436fd82c Path:	4104	1		3	2	15	0	153	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3084	1780	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:27 PM	ca610e00-1c3c-0005-960f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): DYXRlZ29yeUluZm8uVGFyZ2V0TmFtZQogICAgICAgICAgICAgICAgaWYgKCRzdGF0ZSAtZXEgImRpcmVjdG9yeSIgLWFuZCAtbm90ICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgInBhdGggJHBhdGggaXMgbm90IGEgZGlyZWN0b3J5IgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICAgICAgfQogICAgICAgIH0KICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfSBlbHNlaWYgKCRzdGF0ZSAtZXEgImZpbGUiKSB7CiAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgInBhdGggJHBhdGggd2lsbCBub3QgYmUgY3JlYXRlZCIKICAgIH0KCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_syslog_facility": "LOG_USER", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_file", "_ansible_remote_tmp": "%TEMP%", "_ansible_check_mode": false, "_ansible_keep_remote_files": false, "_ansible_verbosity": 4, "_ansible_socket": null, "state": "directory", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "path": "c:\\openstack\\tmp", "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 20ed59ad-f433-4e58-9ed2-44dbc05058af Path:	4104	1		3	2	15	0	152	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3084	1780	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:26 PM	ca610e00-1c3c-0003-1d0f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): AgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKCiRFcnJvckFjdGlvblByZWZlcmVuY2UgPSAiU3RvcCIKCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCgokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtZGVmYXVsdCAkZmFsc2UKJF9yZW1vdGVfdG1wID0gR2V0LUFuc2libGVQYXJhbSAkcGFyYW1zICJfYW5zaWJsZV9yZW1vdGVfdG1wIiAtdHlwZSAicGF0aCIgLWRlZmF1bHQgJGVudjpUTVAKCiRwYXRoID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInBhdGgiIC10eXBlICJwYXRoIiAtZmFpbGlmZW1wdHkgJHRydWUgLWFsaWFzZXMgImRlc3QiLCJuYW1lIgokc3RhdGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RhdGUiIC10eXBlICJzdHIiIC12YWxpZGF0ZXNldCAiYWJzZW50IiwiZGlyZWN0b3J5IiwiZmlsZSIsInRvdWNoIgoKIyB1c2VkIGluIHRlbXBsYXRlL2NvcHkgd2hlbiBkZXN0IGlzIHRoZSBwYXRoIHRvIGEgZGlyIGFuZCBzb3VyY2UgaXMgYSBmaWxlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCmlmICgoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBDb250YWluZXIpIC1hbmQgKCRudWxsIC1uZSAkb3JpZ2luYWxfYmFzZW5hbWUpKSB7CiAgICAkcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkcGF0aCAtQ2hpbGRQYXRoICRvcmlnaW5hbF9iYXNlbmFtZQp9CgokcmVzdWx0ID0gQHsKICAgIGNoYW5nZWQgPSAkZmFsc2UKfQoKIyBVc2VkIHRvIGRlbGV0ZSBzeW1saW5rcyBhcyBwb3dlcnNoZWxsIGNhbm5vdCBkZWxldGUgYnJva2VuIHN5bWxpbmtzCiRzeW1saW5rX3V0aWwgPSBAIgp1c2luZyBTeXN0ZW07CnVzaW5nIFN5c3RlbS5Db21wb25lbnRNb2RlbDsKdXNpbmcgU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzOwoKbmFtZXNwYWNlIEFuc2libGUuQ29tbWFuZCB7CiAgICBwdWJsaWMgY2xhc3MgU3ltTGlua0hlbHBlciB7CiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgQ2hhclNldD1DaGFyU2V0LlVuaWNvZGUsIFNldExhc3RFcnJvcj10cnVlKV0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4dGVybiBib29sIERlbGV0ZUZpbGVXKHN0cmluZyBscEZpbGVOYW1lKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgQ2hhclNldD1DaGFyU2V0LlVuaWNvZGUsIFNldExhc3RFcnJvcj10cnVlKV0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4dGVybiBib29sIFJlbW92ZURpcmVjdG9yeVcoc3RyaW5nIGxwUGF0aE5hbWUpOwoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgRGVsZXRlRGlyZWN0b3J5KHN0cmluZyBwYXRoKSB7CiAgICAgICAgICAgIGlmICghUmVtb3ZlRGlyZWN0b3J5VyhwYXRoKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiUmVtb3ZlRGlyZWN0b3J5Vyh7MH0pIGZhaWxlZDogezF9IiwgcGF0aCwgbmV3IFdpbjMyRXhjZXB0aW9uKE1hcnNoYWwuR2V0TGFzdFdpbjMyRXJyb3IoKSkuTWVzc2FnZSkpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyB2b2lkIERlbGV0ZUZpbGUoc3RyaW5nIHBhdGgpIHsKICAgICAgICAgICAgaWYgKCFEZWxldGVGaWxlVyhwYXRoKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiRGVsZXRlRmlsZVcoezB9KSBmYWlsZWQ6IHsxfSIsIHBhdGgsIG5ldyBXaW4zMkV4Y2VwdGlvbihNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCkpLk1lc3NhZ2UpKTsKICAgICAgICB9CiAgICB9Cn0KIkAKJG9yaWdpbmFsX3RtcCA9ICRlbnY6VE1QCiRlbnY6VE1QID0gJF9yZW1vdGVfdG1wCkFkZC1UeXBlIC1UeXBlRGVmaW5pdGlvbiAkc3ltbGlua191dGlsCiRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAoKIyBVc2VkIHRvIGRlbGV0ZSBkaXJlY3RvcmllcyBhbmQgZmlsZXMgd2l0aCBsb2dpYyBvbiBoYW5kbGluZyBzeW1ib2xpYyBsaW5rcwpmdW5jdGlvbiBSZW1vdmUtRmlsZSgkZmlsZSwgJGNoZWNrbW9kZSkgewogICAgdHJ5IHsKICAgICAgICBpZiAoJGZpbGUuQXR0cmlidXRlcyAtYmFuZCBbU3lzdGVtLklPLkZpbGVBdHRyaWJ1dGVzXTo6UmVwYXJzZVBvaW50KSB7CiAgICAgICAgICAgICMgQnVnIHdpdGggcG93ZXJzaGVsbCwgaWYgeW91IHRyeSBhbmQgZGVsZXRlIGEgc3ltYm9saWMgbGluayB0aGF0IGlzIHBvaW50aW5nCiAgICAgICAgICAgICMgdG8gYW4gaW52YWxpZCBwYXRoIGl0IHdpbGwgZmFpbCwgdXNpbmcgV2luMzIgQVBJIHRvIGRvIHRoaXMgaW5zdGVhZAogICAgICAgICAgICBpZiAoJGZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrbW9kZSkgewogICAgICAgICAgICAgICAgICAgIFtBbnNpYmxlLkNvbW1hbmQuU3ltTGlua0hlbHBlcl06OkRlbGV0ZURpcmVjdG9yeSgkZmlsZS5GdWxsTmFtZSkKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgtbm90ICRjaGVja21vZGUpIHsKICAgICAgICAgICAgICAgICAgICBbQW5zaWJsZS5Db21tYW5kLlN5bWxpbmtIZWxwZXJdOjpEZWxldGVGaWxlKCRmaWxlLkZ1bGxOYW1lKQogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgUmVtb3ZlLURpcmVjdG9yeSAtZGlyZWN0b3J5ICRmaWxlIC1jaGVja21vZGUgJGNoZWNrbW9kZQogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIFJlbW92ZS1JdGVtIC1MaXRlcmFsUGF0aCAkZmlsZS5GdWxsTmFtZSAtRm9yY2UgLVdoYXRJZjokY2hlY2ttb2RlCiAgICAgICAgfQogICAgfSBjYXRjaCBbRXhjZXB0aW9uXSB7CiAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgIkZhaWxlZCB0byBkZWxldGUgJCgkZmlsZS5GdWxsTmFtZSk6ICQoJF8uRXhjZXB0aW9uLk1lc3NhZ2UpIgogICAgfQp9CgpmdW5jdGlvbiBSZW1vdmUtRGlyZWN0b3J5KCRkaXJlY3RvcnksICRjaGVja21vZGUpIHsKICAgIGZvcmVhY2ggKCRmaWxlIGluIEdldC1DaGlsZEl0ZW0gJGRpcmVjdG9yeS5GdWxsTmFtZSkgewogICAgICAgIFJlbW92ZS1GaWxlIC1maWxlICRmaWxlIC1jaGVja21vZGUgJGNoZWNrbW9kZQogICAgfQogICAgUmVtb3ZlLUl0ZW0gLUxpdGVyYWxQYXRoICRkaXJlY3RvcnkuRnVsbE5hbWUgLUZvcmNlIC1SZWN1cnNlIC1XaGF0SWY6JGNoZWNrbW9kZQp9CgoKaWYgKCRzdGF0ZSAtZXEgInRvdWNoIikgewogICAgaWYgKFRlc3QtUGF0aCAtTGl0ZXJhbFBhdGggJHBhdGgpIHsKICAgICAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSkgewogICAgICAgICAgICAoR2V0LUNoaWxkSXRlbSAtTGl0ZXJhbFBhdGggJHBhdGgpLkxhc3RXcml0ZVRpbWUgPSBHZXQtRGF0ZQogICAgICAgIH0KICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfSBlbHNlIHsKICAgICAgICBXcml0ZS1PdXRwdXQgJG51bGwgfCBPdXQtRmlsZSAtTGl0ZXJhbFBhdGggJHBhdGggLUVuY29kaW5nIEFTQ0lJIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQp9CgppZiAoVGVzdC1QYXRoIC1MaXRlcmFsUGF0aCAkcGF0aCkgewogICAgJGZpbGVpbmZvID0gR2V0LUl0ZW0gLUxpdGVyYWxQYXRoICRwYXRoCiAgICBpZiAoJHN0YXRlIC1lcSAiYWJzZW50IikgewogICAgICAgIFJlbW92ZS1GaWxlIC1maWxlICRmaWxlaW5mbyAtY2hlY2ttb2RlICRjaGVja19tb2RlCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgaWYgKCRzdGF0ZSAtZXEgImRpcmVjdG9yeSIgLWFuZCAtbm90ICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJwYXRoICRwYXRoIGlzIG5vdCBhIGRpcmVjdG9yeSIKICAgICAgICB9CgogICAgICAgIGlmICgkc3RhdGUgLWVxICJmaWxlIiAtYW5kICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJwYXRoICRwYXRoIGlzIG5vdCBhIGZpbGUiCiAgICAgICAgfQogICAgfQoKfSBlbHNlIHsKCiAgICAjIElmIHN0YXRlIGlzIG5vdCBzdXBwbGllZCwgdGVzdCB0aGUgJHBhdGggdG8gc2VlIGlmIGl0IGxvb2tzIGxpa2UKICAgICMgYSBmaWxlIG9yIGEgZm9sZGVyIGFuZCBzZXQgc3RhdGUgdG8gZmlsZSBvciBmb2xkZXIKICAgIGlmICgkc3RhdGUgLWVxICRudWxsKSB7CiAgICAgICAgJGJhc2VuYW1lID0gU3BsaXQtUGF0aCAtUGF0aCAkcGF0aCAtTGVhZgogICAgICAgIGlmICgkYmFzZW5hbWUubGVuZ3RoIC1ndCAwKSB7CiAgICAgICAgICAgJHN0YXRlID0gImZpbGUiCiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAkc3RhdGUgPSAiZGlyZWN0b3J5IgogICAgICAgIH0KICAgIH0KCiAgICBpZiAoJHN0YXRlIC1lcSAiZGlyZWN0b3J5IikgewogICAgICAgIHRyeSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXRoIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgIGlmICgkXy5DYXRlZ29yeUluZm8uQ2F0ZWdvcnkgLWVxICJSZXNvdXJjZUV4aXN0cyIpIHsKICAgICAgICAgICAgICAgICRmaWxlaW5mbyA9IEdldC1JdGVtIC1MaXRlcmFsUGF0aCAkXy5 ScriptBlock ID: 20ed59ad-f433-4e58-9ed2-44dbc05058af Path:	4104	1		3	2	15	0	151	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3084	1780	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:26 PM	ca610e00-1c3c-0003-1d0f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgIC ScriptBlock ID: 20ed59ad-f433-4e58-9ed2-44dbc05058af Path:	4104	1		3	2	15	0	150	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3084	1780	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:26 PM	ca610e00-1c3c-0003-1d0f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	149	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3084	808	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:26 PM	ca610e00-1c3c-0003-1b0f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3084 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	148	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3084	2128	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:26 PM	ca610e00-1c3c-0003-1b0f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	147	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3084	808	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:26 PM	ca610e00-1c3c-0003-1b0f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = bc892b2a-1e3d-45ff-8de1-0616831cf603 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = cb0ab058-d6e9-43af-bbc0-8327b2e82fab Pipeline ID = 5 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = N-H2-828168-2\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	146	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	672	2432	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:26 PM	ca610e00-1c3c-0004-290f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = "Stop" $params = Parse-Args $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -default $false $_remote_tmp = Get-AnsibleParam $params "_ansible_remote_tmp" -type "path" -default $env:TMP $path = Get-AnsibleParam -obj $params -name "path" -type "path" -failifempty $true -aliases "dest","name" $state = Get-AnsibleParam -obj $params -name "state" -type "str" -validateset "absent","directory","file","touch" # used in template/copy when dest is the path to a dir and source is a file $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" if ((Test-Path -Path $path -PathType Container) -and ($null -ne $original_basename)) { $path = Join-Path -Path $path -ChildPath $original_basename } $result = @{ changed = $false } # Used to delete symlinks as powershell cannot delete broken symlinks $symlink_util = @" using System; using System.ComponentModel; using System.Runtime.InteropServices; namespace Ansible.Command { public class SymLinkHelper { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool DeleteFileW(string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern bool RemoveDirectoryW(string lpPathName); public static void DeleteDirectory(string path) { if (!RemoveDirectoryW(path)) throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } public static void DeleteFile(string path) { if (!DeleteFileW(path)) throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message)); } } } "@ $original_tmp = $env:TMP $env:TMP = $_remote_tmp Add-Type -TypeDefinition $symlink_util $env:TMP = $original_tmp # Used to delete directories and files with logic on handling symbolic links function Remove-File($file, $checkmode) { try { if ($file.Attributes -band [System.IO.FileAttributes]::ReparsePoint) { # Bug with powershell, if you try and delete a symbolic link that is pointing # to an invalid path it will fail, using Win32 API to do this instead if ($file.PSIsContainer) { if (-not $checkmode) { [Ansible.Command.SymLinkHelper]::DeleteDirectory($file.FullName) } } else { if (-not $checkmode) { [Ansible.Command.SymlinkHelper]::DeleteFile($file.FullName) } } } elseif ($file.PSIsContainer) { Remove-Directory -directory $file -checkmode $checkmode } else { Remove-Item -LiteralPath $file.FullName -Force -WhatIf:$checkmode } } catch [Exception] { Fail-Json $result "Failed to delete $($file.FullName): $($_.Exception.Message)" } } function Remove-Directory($directory, $checkmode) { foreach ($file in Get-ChildItem $directory.FullName) { Remove-File -file $file -checkmode $checkmode } Remove-Item -LiteralPath $directory.FullName -Force -Recurse -WhatIf:$checkmode } if ($state -eq "touch") { if (Test-Path -LiteralPath $path) { if (-not $check_mode) { (Get-ChildItem -LiteralPath $path).LastWriteTime = Get-Date } $result.changed = $true } else { Write-Output $null | Out-File -LiteralPath $path -Encoding ASCII -WhatIf:$check_mode $result.changed = $true } } if (Test-Path -LiteralPath $path) { $fileinfo = Get-Item -LiteralPath $path if ($state -eq "absent") { Remove-File -file $fileinfo -checkmode $check_mode $result.changed = $true } else { if ($state -eq "directory" -and -not $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a directory" } if ($state -eq "file" -and $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a file" } } } else { # If state is not supplied, test the $path to see if it looks like # a file or a folder and set state to file or folder if ($state -eq $null) { $basename = Split-Path -Path $path -Leaf if ($basename.length -gt 0) { $state = "file" } else { $state = "directory" } } if ($state -eq "directory") { try { New-Item -Path $path -ItemType Directory -WhatIf:$check_mode | Out-Null } catch { if ($_.CategoryInfo.Category -eq "ResourceExists") { $fileinfo = Get-Item -LiteralPath $_.CategoryInfo.TargetName if ($state -eq "directory" -and -not $fileinfo.PsIsContainer) { Fail-Json $result "path $path is not a directory" } } else { Fail-Json $result $_.Exception.Message } } $result.changed = $true } elseif ($state -eq "file") { Fail-Json $result "path $path will not be created" } } Exit-Json $result ScriptBlock ID: 8ae0e9d0-9fd1-45ee-ae8e-056c55abff79 Path:	4104	1		3	2	15	0	145	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	672	2432	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:26 PM	ca610e00-1c3c-0003-120f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: b669c208-0404-4a08-9ab8-a11dc93fdf6a Path:	4104	1		3	2	15	0	144	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	672	2940	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:25 PM	ca610e00-1c3c-0001-b60f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: b8763f8f-705a-48d0-90a9-d0aab14300e6 Path:	4104	1		3	2	15	0	143	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	672	2940	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:25 PM	ca610e00-1c3c-0001-ab0f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): KgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKCiRFcnJvckFjdGlvblByZWZlcmVuY2UgPSAiU3RvcCIKCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCgokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtZGVmYXVsdCAkZmFsc2UKJF9yZW1vdGVfdG1wID0gR2V0LUFuc2libGVQYXJhbSAkcGFyYW1zICJfYW5zaWJsZV9yZW1vdGVfdG1wIiAtdHlwZSAicGF0aCIgLWRlZmF1bHQgJGVudjpUTVAKCiRwYXRoID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInBhdGgiIC10eXBlICJwYXRoIiAtZmFpbGlmZW1wdHkgJHRydWUgLWFsaWFzZXMgImRlc3QiLCJuYW1lIgokc3RhdGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RhdGUiIC10eXBlICJzdHIiIC12YWxpZGF0ZXNldCAiYWJzZW50IiwiZGlyZWN0b3J5IiwiZmlsZSIsInRvdWNoIgoKIyB1c2VkIGluIHRlbXBsYXRlL2NvcHkgd2hlbiBkZXN0IGlzIHRoZSBwYXRoIHRvIGEgZGlyIGFuZCBzb3VyY2UgaXMgYSBmaWxlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCmlmICgoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBDb250YWluZXIpIC1hbmQgKCRudWxsIC1uZSAkb3JpZ2luYWxfYmFzZW5hbWUpKSB7CiAgICAkcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkcGF0aCAtQ2hpbGRQYXRoICRvcmlnaW5hbF9iYXNlbmFtZQp9CgokcmVzdWx0ID0gQHsKICAgIGNoYW5nZWQgPSAkZmFsc2UKfQoKIyBVc2VkIHRvIGRlbGV0ZSBzeW1saW5rcyBhcyBwb3dlcnNoZWxsIGNhbm5vdCBkZWxldGUgYnJva2VuIHN5bWxpbmtzCiRzeW1saW5rX3V0aWwgPSBAIgp1c2luZyBTeXN0ZW07CnVzaW5nIFN5c3RlbS5Db21wb25lbnRNb2RlbDsKdXNpbmcgU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzOwoKbmFtZXNwYWNlIEFuc2libGUuQ29tbWFuZCB7CiAgICBwdWJsaWMgY2xhc3MgU3ltTGlua0hlbHBlciB7CiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgQ2hhclNldD1DaGFyU2V0LlVuaWNvZGUsIFNldExhc3RFcnJvcj10cnVlKV0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4dGVybiBib29sIERlbGV0ZUZpbGVXKHN0cmluZyBscEZpbGVOYW1lKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgQ2hhclNldD1DaGFyU2V0LlVuaWNvZGUsIFNldExhc3RFcnJvcj10cnVlKV0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4dGVybiBib29sIFJlbW92ZURpcmVjdG9yeVcoc3RyaW5nIGxwUGF0aE5hbWUpOwoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgRGVsZXRlRGlyZWN0b3J5KHN0cmluZyBwYXRoKSB7CiAgICAgICAgICAgIGlmICghUmVtb3ZlRGlyZWN0b3J5VyhwYXRoKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiUmVtb3ZlRGlyZWN0b3J5Vyh7MH0pIGZhaWxlZDogezF9IiwgcGF0aCwgbmV3IFdpbjMyRXhjZXB0aW9uKE1hcnNoYWwuR2V0TGFzdFdpbjMyRXJyb3IoKSkuTWVzc2FnZSkpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyB2b2lkIERlbGV0ZUZpbGUoc3RyaW5nIHBhdGgpIHsKICAgICAgICAgICAgaWYgKCFEZWxldGVGaWxlVyhwYXRoKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiRGVsZXRlRmlsZVcoezB9KSBmYWlsZWQ6IHsxfSIsIHBhdGgsIG5ldyBXaW4zMkV4Y2VwdGlvbihNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCkpLk1lc3NhZ2UpKTsKICAgICAgICB9CiAgICB9Cn0KIkAKJG9yaWdpbmFsX3RtcCA9ICRlbnY6VE1QCiRlbnY6VE1QID0gJF9yZW1vdGVfdG1wCkFkZC1UeXBlIC1UeXBlRGVmaW5pdGlvbiAkc3ltbGlua191dGlsCiRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAoKIyBVc2VkIHRvIGRlbGV0ZSBkaXJlY3RvcmllcyBhbmQgZmlsZXMgd2l0aCBsb2dpYyBvbiBoYW5kbGluZyBzeW1ib2xpYyBsaW5rcwpmdW5jdGlvbiBSZW1vdmUtRmlsZSgkZmlsZSwgJGNoZWNrbW9kZSkgewogICAgdHJ5IHsKICAgICAgICBpZiAoJGZpbGUuQXR0cmlidXRlcyAtYmFuZCBbU3lzdGVtLklPLkZpbGVBdHRyaWJ1dGVzXTo6UmVwYXJzZVBvaW50KSB7CiAgICAgICAgICAgICMgQnVnIHdpdGggcG93ZXJzaGVsbCwgaWYgeW91IHRyeSBhbmQgZGVsZXRlIGEgc3ltYm9saWMgbGluayB0aGF0IGlzIHBvaW50aW5nCiAgICAgICAgICAgICMgdG8gYW4gaW52YWxpZCBwYXRoIGl0IHdpbGwgZmFpbCwgdXNpbmcgV2luMzIgQVBJIHRvIGRvIHRoaXMgaW5zdGVhZAogICAgICAgICAgICBpZiAoJGZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrbW9kZSkgewogICAgICAgICAgICAgICAgICAgIFtBbnNpYmxlLkNvbW1hbmQuU3ltTGlua0hlbHBlcl06OkRlbGV0ZURpcmVjdG9yeSgkZmlsZS5GdWxsTmFtZSkKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgtbm90ICRjaGVja21vZGUpIHsKICAgICAgICAgICAgICAgICAgICBbQW5zaWJsZS5Db21tYW5kLlN5bWxpbmtIZWxwZXJdOjpEZWxldGVGaWxlKCRmaWxlLkZ1bGxOYW1lKQogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgUmVtb3ZlLURpcmVjdG9yeSAtZGlyZWN0b3J5ICRmaWxlIC1jaGVja21vZGUgJGNoZWNrbW9kZQogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIFJlbW92ZS1JdGVtIC1MaXRlcmFsUGF0aCAkZmlsZS5GdWxsTmFtZSAtRm9yY2UgLVdoYXRJZjokY2hlY2ttb2RlCiAgICAgICAgfQogICAgfSBjYXRjaCBbRXhjZXB0aW9uXSB7CiAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgIkZhaWxlZCB0byBkZWxldGUgJCgkZmlsZS5GdWxsTmFtZSk6ICQoJF8uRXhjZXB0aW9uLk1lc3NhZ2UpIgogICAgfQp9CgpmdW5jdGlvbiBSZW1vdmUtRGlyZWN0b3J5KCRkaXJlY3RvcnksICRjaGVja21vZGUpIHsKICAgIGZvcmVhY2ggKCRmaWxlIGluIEdldC1DaGlsZEl0ZW0gJGRpcmVjdG9yeS5GdWxsTmFtZSkgewogICAgICAgIFJlbW92ZS1GaWxlIC1maWxlICRmaWxlIC1jaGVja21vZGUgJGNoZWNrbW9kZQogICAgfQogICAgUmVtb3ZlLUl0ZW0gLUxpdGVyYWxQYXRoICRkaXJlY3RvcnkuRnVsbE5hbWUgLUZvcmNlIC1SZWN1cnNlIC1XaGF0SWY6JGNoZWNrbW9kZQp9CgoKaWYgKCRzdGF0ZSAtZXEgInRvdWNoIikgewogICAgaWYgKFRlc3QtUGF0aCAtTGl0ZXJhbFBhdGggJHBhdGgpIHsKICAgICAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSkgewogICAgICAgICAgICAoR2V0LUNoaWxkSXRlbSAtTGl0ZXJhbFBhdGggJHBhdGgpLkxhc3RXcml0ZVRpbWUgPSBHZXQtRGF0ZQogICAgICAgIH0KICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfSBlbHNlIHsKICAgICAgICBXcml0ZS1PdXRwdXQgJG51bGwgfCBPdXQtRmlsZSAtTGl0ZXJhbFBhdGggJHBhdGggLUVuY29kaW5nIEFTQ0lJIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQp9CgppZiAoVGVzdC1QYXRoIC1MaXRlcmFsUGF0aCAkcGF0aCkgewogICAgJGZpbGVpbmZvID0gR2V0LUl0ZW0gLUxpdGVyYWxQYXRoICRwYXRoCiAgICBpZiAoJHN0YXRlIC1lcSAiYWJzZW50IikgewogICAgICAgIFJlbW92ZS1GaWxlIC1maWxlICRmaWxlaW5mbyAtY2hlY2ttb2RlICRjaGVja19tb2RlCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgaWYgKCRzdGF0ZSAtZXEgImRpcmVjdG9yeSIgLWFuZCAtbm90ICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJwYXRoICRwYXRoIGlzIG5vdCBhIGRpcmVjdG9yeSIKICAgICAgICB9CgogICAgICAgIGlmICgkc3RhdGUgLWVxICJmaWxlIiAtYW5kICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJwYXRoICRwYXRoIGlzIG5vdCBhIGZpbGUiCiAgICAgICAgfQogICAgfQoKfSBlbHNlIHsKCiAgICAjIElmIHN0YXRlIGlzIG5vdCBzdXBwbGllZCwgdGVzdCB0aGUgJHBhdGggdG8gc2VlIGlmIGl0IGxvb2tzIGxpa2UKICAgICMgYSBmaWxlIG9yIGEgZm9sZGVyIGFuZCBzZXQgc3RhdGUgdG8gZmlsZSBvciBmb2xkZXIKICAgIGlmICgkc3RhdGUgLWVxICRudWxsKSB7CiAgICAgICAgJGJhc2VuYW1lID0gU3BsaXQtUGF0aCAtUGF0aCAkcGF0aCAtTGVhZgogICAgICAgIGlmICgkYmFzZW5hbWUubGVuZ3RoIC1ndCAwKSB7CiAgICAgICAgICAgJHN0YXRlID0gImZpbGUiCiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAkc3RhdGUgPSAiZGlyZWN0b3J5IgogICAgICAgIH0KICAgIH0KCiAgICBpZiAoJHN0YXRlIC1lcSAiZGlyZWN0b3J5IikgewogICAgICAgIHRyeSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXRoIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgIGlmICgkXy5DYXRlZ29yeUluZm8uQ2F0ZWdvcnkgLWVxICJSZXNvdXJjZUV4aXN0cyIpIHsKICAgICAgICAgICAgICAgICRmaWxlaW5mbyA9IEdldC1JdGVtIC1MaXRlcmFsUGF0aCAkXy5DYXRlZ29yeUluZm8uVGFyZ2V0TmFtZQogICAgICAgICAgICAgICAgaWYgKCRzdGF0ZSAtZXEgImRpcmVjdG9yeSIgLWFuZCAtbm90ICRmaWxlaW5mby5Qc0lzQ29udGFpbmVyKSB7CiAgICAgICAgICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgInBhdGggJHBhdGggaXMgbm90IGEgZGlyZWN0b3J5IgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICAgICAgfQogICAgICAgIH0KICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfSBlbHNlaWYgKCRzdGF0ZSAtZXEgImZpbGUiKSB7CiAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgInBhdGggJHBhdGggd2lsbCBub3QgYmUgY3JlYXRlZCIKICAgIH0KCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_syslog_facility": "LOG_USER", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_file", "_ansible_remote_tmp": "%TEMP%", "_ansible_check_mode": false, "_ansible_keep_remote_files": false, "_ansible_verbosity": 4, "_ansible_socket": null, "state": "directory", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "path": "c:\\openstack\\bin", "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 077e0271-94a0-46a4-865d-69d49fa3ba99 Path:	4104	1		3	2	15	0	142	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	672	2940	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:25 PM	ca610e00-1c3c-0001-a50f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): 4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQg ScriptBlock ID: 077e0271-94a0-46a4-865d-69d49fa3ba99 Path:	4104	1		3	2	15	0	141	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	672	2940	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:25 PM	ca610e00-1c3c-0001-a50f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm ScriptBlock ID: 077e0271-94a0-46a4-865d-69d49fa3ba99 Path:	4104	1		3	2	15	0	140	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	672	2940	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:25 PM	ca610e00-1c3c-0001-a50f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	139	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	672	2964	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:25 PM	ca610e00-1c3c-0001-a30f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 672 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	138	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	672	596	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:25 PM	ca610e00-1c3c-0001-a30f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	137	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	672	2964	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:25 PM	ca610e00-1c3c-0001-a30f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	136	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1900	1488	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:24 PM	ca610e00-1c3c-0004-110f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1900 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	135	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1900	3568	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:23 PM	ca610e00-1c3c-0004-110f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	134	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1900	1488	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:23 PM	ca610e00-1c3c-0004-110f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 507beae7-b520-4e5f-bbfe-8247e9d9d07f Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 6d624a1b-f12b-44ef-91bd-fa0a9c1c5afe Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = N-H2-828168-2\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	133	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	592	1264	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:23 PM	ca610e00-1c3c-0000-8d0f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 0a4030a7-bda3-4450-a8ef-1e4af26af4ca Path:	4104	1		3	2	15	0	132	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	592	1096	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:21 PM	ca610e00-1c3c-0002-0510-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: b2c68ceb-5c4c-401b-be66-7078bf57d2b9 Path:	4104	1		3	2	15	0	131	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	592	1096	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:21 PM	ca610e00-1c3c-0002-fe0f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 87214d9c-dd2d-4484-af55-5dfe015085f7 Path:	4104	1		3	2	15	0	130	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	592	1096	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:21 PM	ca610e00-1c3c-0004-0a0f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): AgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "net user administrator Passw0rd", "_ansible_verbosity": 4, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 5da1c579-9625-4013-a710-c04631e65a74 Path:	4104	1		3	2	15	0	129	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	592	1096	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:21 PM	ca610e00-1c3c-0002-f80f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): 3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgIC ScriptBlock ID: 5da1c579-9625-4013-a710-c04631e65a74 Path:	4104	1		3	2	15	0	128	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	592	1096	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:21 PM	ca610e00-1c3c-0002-f80f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): GlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b ScriptBlock ID: 5da1c579-9625-4013-a710-c04631e65a74 Path:	4104	1		3	2	15	0	127	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	592	1096	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:21 PM	ca610e00-1c3c-0002-f80f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5I ScriptBlock ID: 5da1c579-9625-4013-a710-c04631e65a74 Path:	4104	1		3	2	15	0	126	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	592	1096	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:21 PM	ca610e00-1c3c-0002-f80f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	125	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	592	868	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:21 PM	ca610e00-1c3c-0004-050f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 592 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	124	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	592	3840	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:21 PM	ca610e00-1c3c-0004-050f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	123	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	592	868	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:21 PM	ca610e00-1c3c-0004-050f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: abc00a65-9aab-49cc-9183-e8d32fd30e0c Path:	4104	1		3	2	15	0	122	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2120	3056	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:19 PM	ca610e00-1c3c-0002-ed0f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: fbced943-f1c5-43d5-9356-b4e0d0fb9547 Path:	4104	1		3	2	15	0	121	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2120	3056	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:18 PM	ca610e00-1c3c-0005-4a0f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): JbnN0YWxsLVdpbmRvd3NGZWF0dXJlCiAgICBTZXQtQWxpYXMgLU5hbWUgVW5pbnN0YWxsLUFuc2libGVXaW5kb3dzRmVhdHVyZSAtVmFsdWUgVW5pbnN0YWxsLVdpbmRvd3NGZWF0dXJlCiAgICAkaW5zdGFsbF9jbWRsZXQgPSAkdHJ1ZQp9IGVsc2VpZiAoR2V0LUNvbW1hbmQgLU5hbWUgQWRkLVdpbmRvd3NGZWF0dXJlIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSB7CiAgICBTZXQtQWxpYXMgLU5hbWUgSW5zdGFsbC1BbnNpYmxlV2luZG93c0ZlYXR1cmUgLVZhbHVlIEFkZC1XaW5kb3dzRmVhdHVyZQogICAgU2V0LUFsaWFzIC1OYW1lIFVuaW5zdGFsbC1BbnNpYmxlV2luZG93c0ZlYXR1cmUgLVZhbHVlIFJlbW92ZS1XaW5kb3dzRmVhdHVyZQp9IGVsc2UgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiVGhpcyB2ZXJzaW9uIG9mIFdpbmRvd3MgZG9lcyBub3Qgc3VwcG9ydCB0aGUgY21kbGV0cyBJbnN0YWxsLVdpbmRvd3NGZWF0dXJlIG9yIEFkZC1XaW5kb3dzRmVhdHVyZSIKfQoKaWYgKCRzdGF0ZSAtZXEgInByZXNlbnQiKSB7CiAgICAkaW5zdGFsbF9hcmdzID0gQHsKICAgICAgICBOYW1lID0gJG5hbWUKICAgICAgICBJbmNsdWRlQWxsU3ViRmVhdHVyZSA9ICRpbmNsdWRlX3N1Yl9mZWF0dXJlcwogICAgICAgIFJlc3RhcnQgPSAkZmFsc2UKICAgICAgICBXaGF0SWYgPSAkY2hlY2tfbW9kZQogICAgICAgIEVycm9yQWN0aW9uID0gIlN0b3AiCiAgICB9CgogICAgaWYgKCRpbnN0YWxsX2NtZGxldCkgewogICAgICAgICRpbnN0YWxsX2FyZ3MuSW5jbHVkZU1hbmFnZW1lbnRUb29scyA9ICRpbmNsdWRlX21hbmFnZW1lbnRfdG9vbHMKICAgICAgICAkaW5zdGFsbF9hcmdzLkNvbmZpcm0gPSAkZmFsc2UKICAgICAgICBpZiAoJHNvdXJjZSkgewogICAgICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRzb3VyY2UpKSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJGYWlsZWQgdG8gZmluZCBzb3VyY2UgcGF0aCAkc291cmNlIGZvciBmZWF0dXJlIGluc3RhbGwiCiAgICAgICAgICAgIH0KICAgICAgICAgICAgJGluc3RhbGxfYXJncy5Tb3VyY2UgPSAkc291cmNlCiAgICAgICAgfQogICAgfQoKICAgIHRyeSB7CiAgICAgICAgJGFjdGlvbl9yZXN1bHRzID0gSW5zdGFsbC1BbnNpYmxlV2luZG93c0ZlYXR1cmUgQGluc3RhbGxfYXJncwogICAgfSBjYXRjaCB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRmFpbGVkIHRvIGluc3RhbGwgV2luZG93cyBGZWF0dXJlOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgIH0KfSBlbHNlIHsKICAgICR1bmluc3RhbGxfYXJncyA9IEB7CiAgICAgICAgTmFtZSA9ICRuYW1lCiAgICAgICAgUmVzdGFydCA9ICRmYWxzZQogICAgICAgIFdoYXRJZiA9ICRjaGVja19tb2RlCiAgICAgICAgRXJyb3JBY3Rpb24gPSAiU3RvcCIKICAgIH0KICAgIGlmICgkaW5zdGFsbF9jbWRsZXQpIHsKICAgICAgICAkdW5pbnN0YWxsX2FyZ3MuSW5jbHVkZU1hbmFnZW1lbnRUb29scyA9ICRpbmNsdWRlX21hbmFnZW1lbnRfdG9vbHMKICAgIH0KCiAgICB0cnkgewogICAgICAgICRhY3Rpb25fcmVzdWx0cyA9IFVuaW5zdGFsbC1BbnNpYmxlV2luZG93c0ZlYXR1cmUgQHVuaW5zdGFsbF9hcmdzCiAgICB9IGNhdGNoIHsKICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJGYWlsZWQgdG8gdW5pbnN0YWxsIFdpbmRvd3MgRmVhdHVyZTogJCgkXy5FeGNlcHRpb24uTWVzc2FnZSkiCiAgICB9Cn0KCiMgTG9vcCB0aHJvdWdoIHJlc3VsdHMgYW5kIGNyZWF0ZSBhIGhhc2ggY29udGFpbmluZyBkZXRhaWxzIGFib3V0CiMgZWFjaCByb2xlL2ZlYXR1cmUgdGhhdCBpcyBpbnN0YWxsZWQvcmVtb3ZlZAojICRhY3Rpb25fcmVzdWx0cy5GZWF0dXJlUmVzdWx0IGlzIG5vdCBlbXB0eSBpZiBhbnl0aGluZyB3YXMgY2hhbmdlZAokZmVhdHVyZV9yZXN1bHRzID0gQCgpCmZvcmVhY2ggKCRhY3Rpb25fcmVzdWx0IGluICRhY3Rpb25fcmVzdWx0cy5GZWF0dXJlUmVzdWx0KSB7CiAgICAkbWVzc2FnZSA9IEAoKQogICAgZm9yZWFjaCAoJG1zZyBpbiAkYWN0aW9uX3Jlc3VsdC5NZXNzYWdlKSB7CiAgICAgICAgJG1lc3NhZ2UgKz0gQHsKICAgICAgICAgICAgbWVzc2FnZV90eXBlID0gJG1zZy5NZXNzYWdlVHlwZS5Ub1N0cmluZygpCiAgICAgICAgICAgIGVycm9yX2NvZGUgPSAkbXNnLkVycm9yQ29kZQogICAgICAgICAgICB0ZXh0ID0gJG1zZy5UZXh0CiAgICAgICAgfQogICAgfQoKICAgICRmZWF0dXJlX3Jlc3VsdHMgKz0gQHsKICAgICAgICBpZCA9ICRhY3Rpb25fcmVzdWx0LklkCiAgICAgICAgZGlzcGxheV9uYW1lID0gJGFjdGlvbl9yZXN1bHQuRGlzcGxheU5hbWUKICAgICAgICBtZXNzYWdlID0gJG1lc3NhZ2UKICAgICAgICByZWJvb3RfcmVxdWlyZWQgPSBDb252ZXJ0VG8tQm9vbCAtb2JqICRhY3Rpb25fcmVzdWx0LlJlc3RhcnROZWVkZWQKICAgICAgICBza2lwX3JlYXNvbiA9ICRhY3Rpb25fcmVzdWx0LlNraXBSZWFzb24uVG9TdHJpbmcoKQogICAgICAgIHN1Y2Nlc3MgPSBDb252ZXJ0VG8tQm9vbCAtb2JqICRhY3Rpb25fcmVzdWx0LlN1Y2Nlc3MKICAgICAgICByZXN0YXJ0X25lZWRlZCA9IENvbnZlcnRUby1Cb29sIC1vYmogJGFjdGlvbl9yZXN1bHQuUmVzdGFydE5lZWRlZAogICAgfQogICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKfQokcmVzdWx0LmZlYXR1cmVfcmVzdWx0ID0gJGZlYXR1cmVfcmVzdWx0cwokcmVzdWx0LnN1Y2Nlc3MgPSBDb252ZXJ0VG8tQm9vbCAtb2JqICRhY3Rpb25fcmVzdWx0cy5TdWNjZXNzCiRyZXN1bHQuZXhpdGNvZGUgPSAkYWN0aW9uX3Jlc3VsdHMuRXhpdENvZGUuVG9TdHJpbmcoKQokcmVzdWx0LnJlYm9vdF9yZXF1aXJlZCA9IENvbnZlcnRUby1Cb29sIC1vYmogJGFjdGlvbl9yZXN1bHRzLlJlc3RhcnROZWVkZWQKIyBjb250cm9scyB3aGV0aGVyIEFuc2libGUgd2lsbCBmYWlsIG9yIG5vdAokcmVzdWx0LmZhaWxlZCA9ICgtbm90ICRhY3Rpb25fcmVzdWx0cy5TdWNjZXNzKQoKIyBERVBSRUNBVEVEIDIuNCwgcmVtb3ZlIGluIDIuOCAoc3RhbmRhcmRpemUgbmFtaW5nIHRvICJyZWJvb3RfcmVxdWlyZWQiKQokcmVzdWx0LnJlc3RhcnRfbmVlZGVkID0gJHJlc3VsdC5yZWJvb3RfcmVxdWlyZWQKCkV4aXQtSnNvbiAtb2JqICRyZXN1bHQK", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "name": "FS-iSCSITarget-Server", "_ansible_module_name": "win_feature", "_ansible_remote_tmp": "%TEMP%", "_ansible_verbosity": 4, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "state": "present", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null, "_ansible_no_log": false}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: aa800c7a-bfc1-4808-ba54-c9b7a4a4498b Path:	4104	1		3	2	15	0	120	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2120	3056	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:18 PM	ca610e00-1c3c-0005-440f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): A9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTQsIFBhdWwgRHVyaXZhZ2UgPHBhdWwuZHVyaXZhZ2VAcmFja3NwYWNlLmNvbT4KIyBHTlUgR2VuZXJhbCBQdWJsaWMgTGljZW5zZSB2My4wKyAoc2VlIENPUFlJTkcgb3IgaHR0cHM6Ly93d3cuZ251Lm9yZy9saWNlbnNlcy9ncGwtMy4wLnR4dCkKCiNSZXF1aXJlcyAtTW9kdWxlIEFuc2libGUuTW9kdWxlVXRpbHMuTGVnYWN5CgpJbXBvcnQtTW9kdWxlIC1OYW1lIFNlcnZlck1hbmFnZXIKCiRyZXN1bHQgPSBAewogICAgY2hhbmdlZCA9ICRmYWxzZQp9CgokcGFyYW1zID0gUGFyc2UtQXJncyAkYXJncyAtc3VwcG9ydHNfY2hlY2tfbW9kZSAkdHJ1ZQokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtdHlwZSAiYm9vbCIgLWRlZmF1bHQgJGZhbHNlCgokbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJuYW1lIiAtdHlwZSAibGlzdCIgLWZhaWxpZmVtcHR5ICR0cnVlCiRzdGF0ZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJzdGF0ZSIgLXR5cGUgInN0ciIgLWRlZmF1bHQgInByZXNlbnQiIC12YWxpZGF0ZXNldCAicHJlc2VudCIsImFic2VudCIKCiRpbmNsdWRlX3N1Yl9mZWF0dXJlcyA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJpbmNsdWRlX3N1Yl9mZWF0dXJlcyIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQokaW5jbHVkZV9tYW5hZ2VtZW50X3Rvb2xzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgImluY2x1ZGVfbWFuYWdlbWVudF90b29scyIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQokc291cmNlID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInNvdXJjZSIgLXR5cGUgInN0ciIKCiRpbnN0YWxsX2NtZGxldCA9ICRmYWxzZQppZiAoR2V0LUNvbW1hbmQgLU5hbWUgSW5zdGFsbC1XaW5kb3dzRmVhdHVyZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZSkgewogICAgU2V0LUFsaWFzIC1OYW1lIEluc3RhbGwtQW5zaWJsZVdpbmRvd3NGZWF0dXJlIC1WYWx1ZSB ScriptBlock ID: aa800c7a-bfc1-4808-ba54-c9b7a4a4498b Path:	4104	1		3	2	15	0	119	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2120	3056	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:18 PM	ca610e00-1c3c-0005-440f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZS ScriptBlock ID: aa800c7a-bfc1-4808-ba54-c9b7a4a4498b Path:	4104	1		3	2	15	0	118	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2120	3056	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:18 PM	ca610e00-1c3c-0005-440f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	117	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2120	3916	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:18 PM	ca610e00-1c3c-0004-f70e-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2120 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	116	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2120	4080	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:18 PM	ca610e00-1c3c-0004-f70e-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	115	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2120	3916	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:10:15 PM	ca610e00-1c3c-0004-f70e-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="AssemblyName"; value="System.DirectoryServices.AccountManagement" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 6c545484-b91f-467e-8cae-3cb5765418fd Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = bbcbfeb7-11ec-455f-ad2b-b5c6bdc2bffe Pipeline ID = 5 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 35 User = N-H2-828168-2\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	114	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3616	1480	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:09:16 PM	ca610e00-1c3c-0000-2c0f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $_.$guid_key -eq $adapter.SettingID } ScriptBlock ID: f05b417f-c4c9-439c-942e-18f025b5b679 Path:	4104	1		3	2	15	0	113	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3616	1480	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:09:16 PM	ca610e00-1c3c-0000-250f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Error Message = The running command stopped because the preference variable "ErrorActionPreference" or common parameter is set to Stop: The term 'facter' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. Fully Qualified Error ID = CommandNotFoundException,Microsoft.PowerShell.Commands.GetCommandCommand Context: Severity = Warning Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 6c545484-b91f-467e-8cae-3cb5765418fd Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = bbcbfeb7-11ec-455f-ad2b-b5c6bdc2bffe Pipeline ID = 5 Command Name = Get-Command Command Type = Cmdlet Script Name = Command Path = Sequence Number = 33 User = N-H2-828168-2\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4100	1		3	106	19	0	112	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3616	1480	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:09:15 PM	ca610e00-1c3c-0000-230f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	To be used when an exception is raised	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2018, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy Function Get-CustomFacts { [cmdletBinding()] param ( [Parameter(mandatory=$false)] $factpath = $null ) if (-not (Test-Path -Path $factpath)) { Fail-Json $result "The path $factpath does not exist. Typo?" } $FactsFiles = Get-ChildItem -Path $factpath | Where-Object -FilterScript {($PSItem.PSIsContainer -eq $false) -and ($PSItem.Extension -eq '.ps1')} foreach ($FactsFile in $FactsFiles) { $out = & $($FactsFile.FullName) $result.ansible_facts.Add("ansible_$(($FactsFile.Name).Split('.')[0])", $out) } } Function Get-MachineSid { # The Machine SID is stored in HKLM:\SECURITY\SAM\Domains\Account and is # only accessible by the Local System account. This method get's the local # admin account (ends with -500) and lops it off to get the machine sid. $admins_sid = "S-1-5-32-544" $admin_group = ([Security.Principal.SecurityIdentifier]$admins_sid).Translate([Security.Principal.NTAccount]).Value Add-Type -AssemblyName System.DirectoryServices.AccountManagement $principal_context = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext([System.DirectoryServices.AccountManagement.ContextType]::Machine) $group_principal = New-Object -TypeName System.DirectoryServices.AccountManagement.GroupPrincipal($principal_context, $admin_group) $searcher = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalSearcher($group_principal) $groups = $searcher.FindOne() $machine_sid = $null foreach ($user in $groups.Members) { $user_sid = $user.Sid if ($user_sid.Value.EndsWith("-500")) { $machine_sid = $user_sid.AccountDomainSid.Value break } } return $machine_sid } $cim_instances = @{} Function Get-LazyCimInstance([string]$instance_name, [string]$namespace="Root\CIMV2") { if(-not $cim_instances.ContainsKey($instance_name)) { $cim_instances[$instance_name] = $(Get-CimInstance -Namespace $namespace -ClassName $instance_name) } return $cim_instances[$instance_name] } $result = @{ ansible_facts = @{ } changed = $false } $grouped_subsets = @{ min=[System.Collections.Generic.List[string]]@('date_time','distribution','dns','env','local','platform','powershell_version','user') network=[System.Collections.Generic.List[string]]@('all_ipv4_addresses','all_ipv6_addresses','interfaces','windows_domain', 'winrm') hardware=[System.Collections.Generic.List[string]]@('bios','memory','processor','uptime') external=[System.Collections.Generic.List[string]]@('facter') } # build "all" set from everything mentioned in the group- this means every value must be in at least one subset to be considered legal $all_set = [System.Collections.Generic.HashSet[string]]@() foreach($kv in $grouped_subsets.GetEnumerator()) { [void] $all_set.UnionWith($kv.Value) } # dynamically create an "all" subset now that we know what should be in it $grouped_subsets['all'] = [System.Collections.Generic.List[string]]$all_set # start with all, build up gather and exclude subsets $gather_subset = [System.Collections.Generic.HashSet[string]]$grouped_subsets.all $explicit_subset = [System.Collections.Generic.HashSet[string]]@() $exclude_subset = [System.Collections.Generic.HashSet[string]]@() $params = Parse-Args $args -supports_check_mode $true $factpath = Get-AnsibleParam -obj $params -name "fact_path" -type "path" $gather_subset_source = Get-AnsibleParam -obj $params -name "gather_subset" -type "list" -default "all" foreach($item in $gather_subset_source) { if(([string]$item).StartsWith("!")) { $item = ([string]$item).Substring(1) if($item -eq "all") { $all_minus_min = [System.Collections.Generic.HashSet[string]]@($all_set) [void] $all_minus_min.ExceptWith($grouped_subsets.min) [void] $exclude_subset.UnionWith($all_minus_min) } elseif($grouped_subsets.ContainsKey($item)) { [void] $exclude_subset.UnionWith($grouped_subsets[$item]) } elseif($all_set.Contains($item)) { [void] $exclude_subset.Add($item) } # NB: invalid exclude values are ignored, since that's what posix setup does } else { if($grouped_subsets.ContainsKey($item)) { [void] $explicit_subset.UnionWith($grouped_subsets[$item]) } elseif($all_set.Contains($item)) { [void] $explicit_subset.Add($item) } else { # NB: POSIX setup fails on invalid value; we warn, because we don't implement the same set as POSIX # and we don't have platform-specific config for this... Add-Warning $result "invalid value $item specified in gather_subset" } } } [void] $gather_subset.ExceptWith($exclude_subset) [void] $gather_subset.UnionWith($explicit_subset) $ansible_facts = @{ gather_subset=@($gather_subset_source) module_setup=$true } $osversion = [Environment]::OSVersion if($gather_subset.Contains('all_ipv4_addresses') -or $gather_subset.Contains('all_ipv6_addresses')) { $netcfg = Get-LazyCimInstance Win32_NetworkAdapterConfiguration # TODO: split v4/v6 properly, return in separate keys $ips = @() Foreach ($ip in $netcfg.IPAddress) { If ($ip) { $ips += $ip } } $ansible_facts += @{ ansible_ip_addresses = $ips } } if($gather_subset.Contains('bios')) { $win32_bios = Get-LazyCimInstance Win32_Bios $win32_cs = Get-LazyCimInstance Win32_ComputerSystem $ansible_facts += @{ ansible_bios_date = $win32_bios.ReleaseDate.ToString("MM/dd/yyyy") ansible_bios_version = $win32_bios.SMBIOSBIOSVersion ansible_product_name = $win32_cs.Model.Trim() ansible_product_serial = $win32_bios.SerialNumber # ansible_product_version = ([string] $win32_cs.SystemFamily) } } if($gather_subset.Contains('date_time')) { $datetime = (Get-Date) $datetime_utc = $datetime.ToUniversalTime() $date = @{ date = $datetime.ToString("yyyy-MM-dd") day = $datetime.ToString("dd") epoch = (Get-Date -UFormat "%s") hour = $datetime.ToString("HH") iso8601 = $datetime_utc.ToString("yyyy-MM-ddTHH:mm:ssZ") iso8601_basic = $datetime.ToString("yyyyMMddTHHmmssffffff") iso8601_basic_short = $datetime.ToString("yyyyMMddTHHmmss") iso8601_micro = $datetime_utc.ToString("yyyy-MM-ddTHH:mm:ss.ffffffZ") minute = $datetime.ToString("mm") month = $datetime.ToString("MM") second = $datetime.ToString("ss") time = $datetime.ToString("HH:mm:ss") tz = ([System.TimeZoneInfo]::Local.Id) tz_offset = $datetime.ToString("zzzz") # Ensure that the weekday is in English weekday = $datetime.ToString("dddd", [System.Globalization.CultureInfo]::InvariantCulture) weekday_number = (Get-Date -UFormat "%w") weeknumber = (Get-Date -UFormat "%W") year = $datetime.ToString("yyyy") } $ansible_facts += @{ ansible_date_time = $date } } if($gather_subset.Contains('distribution')) { $win32_os = Get-LazyCimInstance Win32_OperatingSystem $product_type = switch($win32_os.ProductType) { 1 { "workstation" } 2 { "domain_controller" } 3 { "server" } default { "unknown" } } $ansible_facts += @{ ansible_distribution = $win32_os.Caption ansible_distribution_version = $osversion.Version.ToString() ansible_distribution_major_version = $osversion.Version.Major.ToString() ansible_os_family = "Windows" ansible_os_name = ($win32_os.Name.Split('|')[0]).Trim() ansible_os_product_type = $product_type } } if($gather_subset.Contains('env')) { $env_vars = @{ } foreach ($item in Get-ChildItem Env:) { $name = $item | select -ExpandProperty Name # Powershell ConvertTo-Json fails if string ends with \ $value = ($item | select -ExpandProperty Value).TrimEnd("\") $env_vars.Add($name, $value) } $ansible_facts += @{ ansible_env = $env_vars } } if($gather_subset.Contains('facter')) { # See if Facter is on the System Path Try { $facter_exe = Get-Command facter -ErrorAction Stop $facter_installed = $true } Catch { $facter_installed = $false } # Get JSON from Facter, and parse it out. if ($facter_installed) { &facter -j | Tee-Object -Variable facter_output | Out-Null $facts = "$facter_output" | ConvertFrom-Json ForEach($fact in $facts.PSObject.Properties) { $fact_name = $fact.Name $ansible_facts.Add("facter_$fact_name", $fact.Value) } } } if($gather_subset.Contains('interfaces')) { $netcfg = Get-LazyCimInstance Win32_NetworkAdapterConfiguration $ActiveNetcfg = @() $ActiveNetcfg += $netcfg | where {$_.ipaddress -ne $null} $namespaces = Get-LazyCimInstance __Namespace -namespace root if ($namespaces | Where-Object { $_.Name -eq "StandardCimv" }) { $net_adapters = Get-LazyCimInstance MSFT_NetAdapter -namespace Root\StandardCimv2 $guid_key = "InterfaceGUID" $name_key = "Name" } else { $net_adapters = Get-LazyCimInstance Win32_NetworkAdapter $guid_key = "GUID" $name_key = "NetConnectionID" } $formattednetcfg = @() foreach ($adapter in $ActiveNetcfg) { $thisadapter = @{ default_gateway = $null connection_name = $null dns_domain = $adapter.dnsdomain interface_index = $adapter.InterfaceIndex interface_name = $adapter.description macaddress = $adapter.macaddress } if ($adapter.defaultIPGateway) { $thisadapter.default_gateway = $adapter.DefaultIPGateway[0].ToString() } $net_adapter = $net_adapters | Where-Object { $_.$guid_key -eq $adapter.SettingID } if ($net_adapter) { $thisadapter.connection_name = $net_adapter.$name_key } $formattednetcfg += $thisadapter } $ansible_facts += @{ ansible_interfaces = $formattednetcfg } } if ($gather_subset.Contains("local") -and $factpath -ne $null) { # Get any custom facts; results are updated in the Get-CustomFacts -factpath $factpath } if($gather_subset.Contains('memory')) { $win32_cs = Get-LazyCimInstance Win32_ComputerSystem $win32_os = Get-LazyCimInstance Win32_OperatingSystem $ansible_facts += @{ # Win32_PhysicalMemory is empty on some virtual platforms ansible_memtotal_mb = ([math]::round($win32_cs.TotalPhysicalMemory / 1024 / 1024)) ansible_swaptotal_mb = ([math]::round($win32_os.TotalSwapSpaceSize / 1024 / 1024)) } } if($gather_subset.Contains('platform')) { $win32_cs = Get-LazyCimInstance Win32_ComputerSystem $win32_os = Get-LazyCimInstance Win32_OperatingSystem $ip_props = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties() $ansible_facts += @{ ansible_architecture = $win32_os.OSArchitecture ansible_domain = $ip_props.DomainName ansible_fqdn = ($ip_props.Hostname + "." + $ip_props.DomainName) ansible_hostname = $env:COMPUTERNAME ansible_kernel = $osversion.Version.ToString() ansible_nodename = ($ip_props.HostName + "." + $ip_props.DomainName) ansible_machine_id = Get-MachineSid ansible_owner_contact = ([string] $win32_cs.PrimaryOwnerContact) ansible_owner_name = ([string] $win32_cs.PrimaryOwnerName) # FUTURE: should this live in its own subset? ansible_reboot_pending = (Get-PendingRebootStatus) ansible_system = $osversion.Platform.ToString() ansible_system_description = ([string] $win32_os.Description) ansible_system_vendor = $win32_cs.Manufacturer } } if($gather_subset.Contains('powershell_version')) { $ansible_facts += @{ ansible_powershell_version = ($PSVersionTable.PSVersion.Major) } } if($gather_subset.Contains('processor')) { $win32_cs = Get-LazyCimInstance Win32_ComputerSystem $win32_cpu = Get-LazyCimInstance Win32_Processor if ($win32_cpu -is [array]) { # multi-socket, pick first $win32_cpu = $win32_cpu[0] } $cpu_list = @( ) for ($i=1; $i -le ($win32_cpu.NumberOfLogicalProcessors / $win32_cs.NumberOfProcessors); $i++) { $cpu_list += $win32_cpu.Manufacturer $cpu_list += $win32_cpu.Name } $ansible_facts += @{ ansible_processor = $cpu_list ansible_processor_cores = $win32_cpu.NumberOfCores ansible_processor_count = $win32_cs.NumberOfProcessors ansible_processor_threads_per_core = ($win32_cpu.NumberOfLogicalProcessors / $win32_cs.NumberOfProcessors / $win32_cpu.NumberOfCores) ansible_processor_vcpus = ($win32_cpu.NumberOfLogicalProcessors / $win32_cs.NumberOfProcessors) } } if($gather_subset.Contains('uptime')) { $win32_os = Get-LazyCimInstance Win32_OperatingSystem $ansible_facts += @{ ansible_lastboot = $win32_os.lastbootuptime.ToString("u") ansible_uptime_seconds = $([System.Convert]::ToInt64($(Get-Date).Subtract($win32_os.lastbootuptime).TotalSeconds)) } } if($gather_subset.Contains('user')) { $user = [Security.Principal.WindowsIdentity]::GetCurrent() $ansible_facts += @{ ansible_user_dir = $env:userprofile # Win32_UserAccount.FullName is probably the right thing here, but it can be expensive to get on large domains ansible_user_gecos = "" ansible_user_id = $env:username ansible_user_sid = $user.User.Value } } if($gather_subset.Contains('windows_domain')) { $win32_cs = Get-LazyCimInstance Win32_ComputerSystem $domain_roles = @{ 0 = "Stand-alone workstation" 1 = "Member workstation" 2 = "Stand-alone server" 3 = "Member server" 4 = "Backup domain controller" 5 = "Primary domain controller" } $domain_role = $domain_roles.Get_Item([Int32]$win32_cs.DomainRole) $ansible_facts += @{ ansible_windows_domain = $win32_cs.Domain ansible_windows_domain_member = $win32_cs.PartOfDomain ansible_windows_domain_role = $domain_role } } if($gather_subset.Contains('winrm')) { $winrm_https_listener_parent_paths = Get-ChildItem -Path WSMan:\localhost\Listener -Recurse | Where-Object {$_.PSChildName -eq "Transport" -and $_.Value -eq "HTTPS"} | select PSParentPath if ($winrm_https_listener_parent_paths -isnot [array]) { $winrm_https_listener_parent_paths = @($winrm_https_listener_parent_paths) } $winrm_https_listener_paths = @() foreach ($winrm_https_listener_parent_path in $winrm_https_listener_parent_paths) { $winrm_https_listener_paths += $winrm_https_listener_parent_path.PSParentPath.Substring($winrm_https_listener_parent_path.PSParentPath.LastIndexOf("\")) } $https_listeners = @() foreach ($winrm_https_listener_path in $winrm_https_listener_paths) { $https_listeners += Get-ChildItem -Path "WSMan:\localhost\Listener$winrm_https_listener_path" } $winrm_cert_thumbprints = @() foreach ($https_listener in $https_listeners) { $winrm_cert_thumbprints += $https_listener | where {$_.Name -EQ "CertificateThumbprint" } | select Value } $winrm_cert_expiry = @() foreach ($winrm_cert_thumbprint in $winrm_cert_thumbprints) { Try { $winrm_cert_expiry += Get-ChildItem -Path Cert:\LocalMachine\My | where Thumbprint -EQ $winrm_cert_thumbprint.Value.ToString().ToUpper() | select NotAfter } Catch {} } $winrm_cert_expirations = $winrm_cert_expiry | Sort-Object NotAfter if ($winrm_cert_expirations) { # this fact was renamed from ansible_winrm_certificate_expires due to collision with ansible_winrm_X connection var pattern $ansible_facts.Add("ansible_win_rm_certificate_expires", $winrm_cert_expirations[0].NotAfter.ToString("yyyy-MM-dd HH:mm:ss")) } } $result.ansible_facts += $ansible_facts Exit-Json $result ScriptBlock ID: 992fe34e-b43e-438e-96af-79bc77acfa16 Path:	4104	1		3	2	15	0	111	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3616	1480	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:09:08 PM	ca610e00-1c3c-0000-bb0e-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 083bb4a6-08ed-4e61-8e1f-4a690fcaebe4 Path:	4104	1		3	2	15	0	110	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3616	1252	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:09:08 PM	ca610e00-1c3c-0000-b80e-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 768afe64-c784-4976-92a4-197a5839693d Path:	4104	1		3	2	15	0	109	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3616	1252	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:09:08 PM	ca610e00-1c3c-0000-b30e-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 5): QU0NoaWxkTmFtZSAtZXEgIlRyYW5zcG9ydCIgLWFuZCAkXy5WYWx1ZSAtZXEgIkhUVFBTIn0gfCBzZWxlY3QgUFNQYXJlbnRQYXRoCiAgICBpZiAoJHdpbnJtX2h0dHBzX2xpc3RlbmVyX3BhcmVudF9wYXRocyAtaXNub3QgW2FycmF5XSkgewogICAgICAgJHdpbnJtX2h0dHBzX2xpc3RlbmVyX3BhcmVudF9wYXRocyA9IEAoJHdpbnJtX2h0dHBzX2xpc3RlbmVyX3BhcmVudF9wYXRocykKICAgIH0KCiAgICAkd2lucm1faHR0cHNfbGlzdGVuZXJfcGF0aHMgPSBAKCkKICAgIGZvcmVhY2ggKCR3aW5ybV9odHRwc19saXN0ZW5lcl9wYXJlbnRfcGF0aCBpbiAkd2lucm1faHR0cHNfbGlzdGVuZXJfcGFyZW50X3BhdGhzKSB7CiAgICAgICAgJHdpbnJtX2h0dHBzX2xpc3RlbmVyX3BhdGhzICs9ICR3aW5ybV9odHRwc19saXN0ZW5lcl9wYXJlbnRfcGF0aC5QU1BhcmVudFBhdGguU3Vic3RyaW5nKCR3aW5ybV9odHRwc19saXN0ZW5lcl9wYXJlbnRfcGF0aC5QU1BhcmVudFBhdGguTGFzdEluZGV4T2YoIlwiKSkKICAgIH0KCiAgICAkaHR0cHNfbGlzdGVuZXJzID0gQCgpCiAgICBmb3JlYWNoICgkd2lucm1faHR0cHNfbGlzdGVuZXJfcGF0aCBpbiAkd2lucm1faHR0cHNfbGlzdGVuZXJfcGF0aHMpIHsKICAgICAgICAkaHR0cHNfbGlzdGVuZXJzICs9IEdldC1DaGlsZEl0ZW0gLVBhdGggIldTTWFuOlxsb2NhbGhvc3RcTGlzdGVuZXIkd2lucm1faHR0cHNfbGlzdGVuZXJfcGF0aCIKICAgIH0KCiAgICAkd2lucm1fY2VydF90aHVtYnByaW50cyA9IEAoKQogICAgZm9yZWFjaCAoJGh0dHBzX2xpc3RlbmVyIGluICRodHRwc19saXN0ZW5lcnMpIHsKICAgICAgICAkd2lucm1fY2VydF90aHVtYnByaW50cyArPSAkaHR0cHNfbGlzdGVuZXIgfCB3aGVyZSB7JF8uTmFtZSAtRVEgIkNlcnRpZmljYXRlVGh1bWJwcmludCIgfSB8IHNlbGVjdCBWYWx1ZQogICAgfQoKICAgICR3aW5ybV9jZXJ0X2V4cGlyeSA9IEAoKQogICAgZm9yZWFjaCAoJHdpbnJtX2NlcnRfdGh1bWJwcmludCBpbiAkd2lucm1fY2VydF90aHVtYnByaW50cykgewogICAgICAgIFRyeSB7CiAgICAgICAgICAgICR3aW5ybV9jZXJ0X2V4cGlyeSArPSBHZXQtQ2hpbGRJdGVtIC1QYXRoIENlcnQ6XExvY2FsTWFjaGluZVxNeSB8IHdoZXJlIFRodW1icHJpbnQgLUVRICR3aW5ybV9jZXJ0X3RodW1icHJpbnQuVmFsdWUuVG9TdHJpbmcoKS5Ub1VwcGVyKCkgfCBzZWxlY3QgTm90QWZ0ZXIKICAgICAgICB9IENhdGNoIHt9CiAgICB9CgogICAgJHdpbnJtX2NlcnRfZXhwaXJhdGlvbnMgPSAkd2lucm1fY2VydF9leHBpcnkgfCBTb3J0LU9iamVjdCBOb3RBZnRlcgogICAgaWYgKCR3aW5ybV9jZXJ0X2V4cGlyYXRpb25zKSB7CiAgICAgICAgIyB0aGlzIGZhY3Qgd2FzIHJlbmFtZWQgZnJvbSBhbnNpYmxlX3dpbnJtX2NlcnRpZmljYXRlX2V4cGlyZXMgZHVlIHRvIGNvbGxpc2lvbiB3aXRoIGFuc2libGVfd2lucm1fWCBjb25uZWN0aW9uIHZhciBwYXR0ZXJuCiAgICAgICAgJGFuc2libGVfZmFjdHMuQWRkKCJhbnNpYmxlX3dpbl9ybV9jZXJ0aWZpY2F0ZV9leHBpcmVzIiwgJHdpbnJtX2NlcnRfZXhwaXJhdGlvbnNbMF0uTm90QWZ0ZXIuVG9TdHJpbmcoInl5eXktTU0tZGQgSEg6bW06c3MiKSkKICAgIH0KfQoKJHJlc3VsdC5hbnNpYmxlX2ZhY3RzICs9ICRhbnNpYmxlX2ZhY3RzCgpFeGl0LUpzb24gJHJlc3VsdAo=", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "gather_timeout": 10, "_ansible_module_name": "setup", "_ansible_remote_tmp": "%TEMP%", "_ansible_verbosity": 4, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "gather_subset": ["all"], "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 7c82cebf-23ab-42ca-bc6e-da9526e244ba Path:	4104	1		3	2	15	0	108	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3616	1252	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:09:07 PM	ca610e00-1c3c-0000-ad0e-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 5): UpCiAgICAgICAgd2Vla2RheV9udW1iZXIgPSAoR2V0LURhdGUgLVVGb3JtYXQgIiV3IikKICAgICAgICB3ZWVrbnVtYmVyID0gKEdldC1EYXRlIC1VRm9ybWF0ICIlVyIpCiAgICAgICAgeWVhciA9ICRkYXRldGltZS5Ub1N0cmluZygieXl5eSIpCiAgICB9CgogICAgJGFuc2libGVfZmFjdHMgKz0gQHsKICAgICAgICBhbnNpYmxlX2RhdGVfdGltZSA9ICRkYXRlCiAgICB9Cn0KCmlmKCRnYXRoZXJfc3Vic2V0LkNvbnRhaW5zKCdkaXN0cmlidXRpb24nKSkgewogICAgJHdpbjMyX29zID0gR2V0LUxhenlDaW1JbnN0YW5jZSBXaW4zMl9PcGVyYXRpbmdTeXN0ZW0KICAgICRwcm9kdWN0X3R5cGUgPSBzd2l0Y2goJHdpbjMyX29zLlByb2R1Y3RUeXBlKSB7CiAgICAgICAgMSB7ICJ3b3Jrc3RhdGlvbiIgfQogICAgICAgIDIgeyAiZG9tYWluX2NvbnRyb2xsZXIiIH0KICAgICAgICAzIHsgInNlcnZlciIgfQogICAgICAgIGRlZmF1bHQgeyAidW5rbm93biIgfQogICAgfQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV9kaXN0cmlidXRpb24gPSAkd2luMzJfb3MuQ2FwdGlvbgogICAgICAgIGFuc2libGVfZGlzdHJpYnV0aW9uX3ZlcnNpb24gPSAkb3N2ZXJzaW9uLlZlcnNpb24uVG9TdHJpbmcoKQogICAgICAgIGFuc2libGVfZGlzdHJpYnV0aW9uX21ham9yX3ZlcnNpb24gPSAkb3N2ZXJzaW9uLlZlcnNpb24uTWFqb3IuVG9TdHJpbmcoKQogICAgICAgIGFuc2libGVfb3NfZmFtaWx5ID0gIldpbmRvd3MiCiAgICAgICAgYW5zaWJsZV9vc19uYW1lID0gKCR3aW4zMl9vcy5OYW1lLlNwbGl0KCd8JylbMF0pLlRyaW0oKQogICAgICAgIGFuc2libGVfb3NfcHJvZHVjdF90eXBlID0gJHByb2R1Y3RfdHlwZQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygnZW52JykpIHsKICAgICRlbnZfdmFycyA9IEB7IH0KICAgIGZvcmVhY2ggKCRpdGVtIGluIEdldC1DaGlsZEl0ZW0gRW52OikgewogICAgICAgICRuYW1lID0gJGl0ZW0gfCBzZWxlY3QgLUV4cGFuZFByb3BlcnR5IE5hbWUKICAgICAgICAjIFBvd2Vyc2hlbGwgQ29udmVydFRvLUpzb24gZmFpbHMgaWYgc3RyaW5nIGVuZHMgd2l0aCBcCiAgICAgICAgJHZhbHVlID0gKCRpdGVtIHwgc2VsZWN0IC1FeHBhbmRQcm9wZXJ0eSBWYWx1ZSkuVHJpbUVuZCgiXCIpCiAgICAgICAgJGVudl92YXJzLkFkZCgkbmFtZSwgJHZhbHVlKQogICAgfQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV9lbnYgPSAkZW52X3ZhcnMKICAgIH0KfQoKaWYoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoJ2ZhY3RlcicpKSB7CiAgICAjIFNlZSBpZiBGYWN0ZXIgaXMgb24gdGhlIFN5c3RlbSBQYXRoCiAgICBUcnkgewogICAgICAgICRmYWN0ZXJfZXhlID0gR2V0LUNvbW1hbmQgZmFjdGVyIC1FcnJvckFjdGlvbiBTdG9wCiAgICAgICAgJGZhY3Rlcl9pbnN0YWxsZWQgPSAkdHJ1ZQogICAgfSBDYXRjaCB7CiAgICAgICAgJGZhY3Rlcl9pbnN0YWxsZWQgPSAkZmFsc2UKICAgIH0KCiAgICAjIEdldCBKU09OIGZyb20gRmFjdGVyLCBhbmQgcGFyc2UgaXQgb3V0LgogICAgaWYgKCRmYWN0ZXJfaW5zdGFsbGVkKSB7CiAgICAgICAgJmZhY3RlciAtaiB8IFRlZS1PYmplY3QgIC1WYXJpYWJsZSBmYWN0ZXJfb3V0cHV0IHwgT3V0LU51bGwKICAgICAgICAkZmFjdHMgPSAiJGZhY3Rlcl9vdXRwdXQiIHwgQ29udmVydEZyb20tSnNvbgogICAgICAgIEZvckVhY2goJGZhY3QgaW4gJGZhY3RzLlBTT2JqZWN0LlByb3BlcnRpZXMpIHsKICAgICAgICAgICAgJGZhY3RfbmFtZSA9ICRmYWN0Lk5hbWUKICAgICAgICAgICAgJGFuc2libGVfZmFjdHMuQWRkKCJmYWN0ZXJfJGZhY3RfbmFtZSIsICRmYWN0LlZhbHVlKQogICAgICAgIH0KICAgIH0KfQoKaWYoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoJ2ludGVyZmFjZXMnKSkgewogICAgJG5ldGNmZyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfTmV0d29ya0FkYXB0ZXJDb25maWd1cmF0aW9uCiAgICAkQWN0aXZlTmV0Y2ZnID0gQCgpCiAgICAkQWN0aXZlTmV0Y2ZnICs9ICRuZXRjZmcgfCB3aGVyZSB7JF8uaXBhZGRyZXNzIC1uZSAkbnVsbH0KCiAgICAkbmFtZXNwYWNlcyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgX19OYW1lc3BhY2UgLW5hbWVzcGFjZSByb290CiAgICBpZiAoJG5hbWVzcGFjZXMgfCBXaGVyZS1PYmplY3QgeyAkXy5OYW1lIC1lcSAiU3RhbmRhcmRDaW12IiB9KSB7CiAgICAgICAgJG5ldF9hZGFwdGVycyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgTVNGVF9OZXRBZGFwdGVyIC1uYW1lc3BhY2UgUm9vdFxTdGFuZGFyZENpbXYyCiAgICAgICAgJGd1aWRfa2V5ID0gIkludGVyZmFjZUdVSUQiCiAgICAgICAgJG5hbWVfa2V5ID0gIk5hbWUiCiAgICB9IGVsc2UgewogICAgICAgICRuZXRfYWRhcHRlcnMgPSBHZXQtTGF6eUNpbUluc3RhbmNlIFdpbjMyX05ldHdvcmtBZGFwdGVyICAgICAgICAKICAgICAgICAkZ3VpZF9rZXkgPSAiR1VJRCIKICAgICAgICAkbmFtZV9rZXkgPSAiTmV0Q29ubmVjdGlvbklEIgogICAgfQoKICAgICRmb3JtYXR0ZWRuZXRjZmcgPSBAKCkKICAgIGZvcmVhY2ggKCRhZGFwdGVyIGluICRBY3RpdmVOZXRjZmcpCiAgICB7CiAgICAgICAgJHRoaXNhZGFwdGVyID0gQHsKICAgICAgICAgICAgZGVmYXVsdF9nYXRld2F5ID0gJG51bGwKICAgICAgICAgICAgY29ubmVjdGlvbl9uYW1lID0gJG51bGwKICAgICAgICAgICAgZG5zX2RvbWFpbiA9ICRhZGFwdGVyLmRuc2RvbWFpbgogICAgICAgICAgICBpbnRlcmZhY2VfaW5kZXggPSAkYWRhcHRlci5JbnRlcmZhY2VJbmRleAogICAgICAgICAgICBpbnRlcmZhY2VfbmFtZSA9ICRhZGFwdGVyLmRlc2NyaXB0aW9uCiAgICAgICAgICAgIG1hY2FkZHJlc3MgPSAkYWRhcHRlci5tYWNhZGRyZXNzCiAgICAgICAgfQoKICAgICAgICBpZiAoJGFkYXB0ZXIuZGVmYXVsdElQR2F0ZXdheSkKICAgICAgICB7CiAgICAgICAgICAgICR0aGlzYWRhcHRlci5kZWZhdWx0X2dhdGV3YXkgPSAkYWRhcHRlci5EZWZhdWx0SVBHYXRld2F5WzBdLlRvU3RyaW5nKCkKICAgICAgICB9CiAgICAgICAgJG5ldF9hZGFwdGVyID0gJG5ldF9hZGFwdGVycyB8IFdoZXJlLU9iamVjdCB7ICRfLiRndWlkX2tleSAtZXEgJGFkYXB0ZXIuU2V0dGluZ0lEIH0KICAgICAgICBpZiAoJG5ldF9hZGFwdGVyKSB7CiAgICAgICAgICAgICR0aGlzYWRhcHRlci5jb25uZWN0aW9uX25hbWUgPSAkbmV0X2FkYXB0ZXIuJG5hbWVfa2V5CiAgICAgICAgfQoKICAgICAgICAkZm9ybWF0dGVkbmV0Y2ZnICs9ICR0aGlzYWRhcHRlcgogICAgfQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV9pbnRlcmZhY2VzID0gJGZvcm1hdHRlZG5ldGNmZwogICAgfQp9CgppZiAoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoImxvY2FsIikgLWFuZCAkZmFjdHBhdGggLW5lICRudWxsKSB7CiAgICAjIEdldCBhbnkgY3VzdG9tIGZhY3RzOyByZXN1bHRzIGFyZSB1cGRhdGVkIGluIHRoZQogICAgR2V0LUN1c3RvbUZhY3RzIC1mYWN0cGF0aCAkZmFjdHBhdGgKfQoKaWYoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoJ21lbW9yeScpKSB7CiAgICAkd2luMzJfY3MgPSBHZXQtTGF6eUNpbUluc3RhbmNlIFdpbjMyX0NvbXB1dGVyU3lzdGVtCiAgICAkd2luMzJfb3MgPSBHZXQtTGF6eUNpbUluc3RhbmNlIFdpbjMyX09wZXJhdGluZ1N5c3RlbQogICAgJGFuc2libGVfZmFjdHMgKz0gQHsKICAgICAgICAjIFdpbjMyX1BoeXNpY2FsTWVtb3J5IGlzIGVtcHR5IG9uIHNvbWUgdmlydHVhbCBwbGF0Zm9ybXMKICAgICAgICBhbnNpYmxlX21lbXRvdGFsX21iID0gKFttYXRoXTo6cm91bmQoJHdpbjMyX2NzLlRvdGFsUGh5c2ljYWxNZW1vcnkgLyAxMDI0IC8gMTAyNCkpCiAgICAgICAgYW5zaWJsZV9zd2FwdG90YWxfbWIgPSAoW21hdGhdOjpyb3VuZCgkd2luMzJfb3MuVG90YWxTd2FwU3BhY2VTaXplIC8gMTAyNCAvIDEwMjQpKQogICAgfQp9CgoKaWYoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoJ3BsYXRmb3JtJykpIHsKICAgICR3aW4zMl9jcyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfQ29tcHV0ZXJTeXN0ZW0KICAgICR3aW4zMl9vcyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfT3BlcmF0aW5nU3lzdGVtCiAgICAkaXBfcHJvcHMgPSBbU3lzdGVtLk5ldC5OZXR3b3JrSW5mb3JtYXRpb24uSVBHbG9iYWxQcm9wZXJ0aWVzXTo6R2V0SVBHbG9iYWxQcm9wZXJ0aWVzKCkKCiAgICAkYW5zaWJsZV9mYWN0cyArPSBAewogICAgICAgIGFuc2libGVfYXJjaGl0ZWN0dXJlID0gJHdpbjMyX29zLk9TQXJjaGl0ZWN0dXJlCiAgICAgICAgYW5zaWJsZV9kb21haW4gPSAkaXBfcHJvcHMuRG9tYWluTmFtZQogICAgICAgIGFuc2libGVfZnFkbiA9ICgkaXBfcHJvcHMuSG9zdG5hbWUgKyAiLiIgKyAkaXBfcHJvcHMuRG9tYWluTmFtZSkKICAgICAgICBhbnNpYmxlX2hvc3RuYW1lID0gJGVudjpDT01QVVRFUk5BTUUKICAgICAgICBhbnNpYmxlX2tlcm5lbCA9ICRvc3ZlcnNpb24uVmVyc2lvbi5Ub1N0cmluZygpCiAgICAgICAgYW5zaWJsZV9ub2RlbmFtZSA9ICgkaXBfcHJvcHMuSG9zdE5hbWUgKyAiLiIgKyAkaXBfcHJvcHMuRG9tYWluTmFtZSkKICAgICAgICBhbnNpYmxlX21hY2hpbmVfaWQgPSBHZXQtTWFjaGluZVNpZAogICAgICAgIGFuc2libGVfb3duZXJfY29udGFjdCA9IChbc3RyaW5nXSAkd2luMzJfY3MuUHJpbWFyeU93bmVyQ29udGFjdCkKICAgICAgICBhbnNpYmxlX293bmVyX25hbWUgPSAoW3N0cmluZ10gJHdpbjMyX2NzLlByaW1hcnlPd25lck5hbWUpCiAgICAgICAgIyBGVVRVUkU6IHNob3VsZCB0aGlzIGxpdmUgaW4gaXRzIG93biBzdWJzZXQ/CiAgICAgICAgYW5zaWJsZV9yZWJvb3RfcGVuZGluZyA9IChHZXQtUGVuZGluZ1JlYm9vdFN0YXR1cykKICAgICAgICBhbnNpYmxlX3N5c3RlbSA9ICRvc3ZlcnNpb24uUGxhdGZvcm0uVG9TdHJpbmcoKQogICAgICAgIGFuc2libGVfc3lzdGVtX2Rlc2NyaXB0aW9uID0gKFtzdHJpbmddICR3aW4zMl9vcy5EZXNjcmlwdGlvbikKICAgICAgICBhbnNpYmxlX3N5c3RlbV92ZW5kb3IgPSAkd2luMzJfY3MuTWFudWZhY3R1cmVyCiAgICB9Cn0KCmlmKCRnYXRoZXJfc3Vic2V0LkNvbnRhaW5zKCdwb3dlcnNoZWxsX3ZlcnNpb24nKSkgewogICAgJGFuc2libGVfZmFjdHMgKz0gQHsKICAgICAgICBhbnNpYmxlX3Bvd2Vyc2hlbGxfdmVyc2lvbiA9ICgkUFNWZXJzaW9uVGFibGUuUFNWZXJzaW9uLk1ham9yKQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygncHJvY2Vzc29yJykpIHsKICAgICR3aW4zMl9jcyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfQ29tcHV0ZXJTeXN0ZW0KICAgICR3aW4zMl9jcHUgPSBHZXQtTGF6eUNpbUluc3RhbmNlIFdpbjMyX1Byb2Nlc3NvcgogICAgaWYgKCR3aW4zMl9jcHUgLWlzIFthcnJheV0pIHsKICAgICAgICAjIG11bHRpLXNvY2tldCwgcGljayBmaXJzdAogICAgICAgICR3aW4zMl9jcHUgPSAkd2luMzJfY3B1WzBdCiAgICB9CgogICAgJGNwdV9saXN0ID0gQCggKQogICAgZm9yICgkaT0xOyAkaSAtbGUgKCR3aW4zMl9jcHUuTnVtYmVyT2ZMb2dpY2FsUHJvY2Vzc29ycyAvICR3aW4zMl9jcy5OdW1iZXJPZlByb2Nlc3NvcnMpOyAkaSsrKSB7CiAgICAgICAgJGNwdV9saXN0ICs9ICR3aW4zMl9jcHUuTWFudWZhY3R1cmVyCiAgICAgICAgJGNwdV9saXN0ICs9ICR3aW4zMl9jcHUuTmFtZQogICAgfQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV9wcm9jZXNzb3IgPSAkY3B1X2xpc3QKICAgICAgICBhbnNpYmxlX3Byb2Nlc3Nvcl9jb3JlcyA9ICR3aW4zMl9jcHUuTnVtYmVyT2ZDb3JlcwogICAgICAgIGFuc2libGVfcHJvY2Vzc29yX2NvdW50ID0gJHdpbjMyX2NzLk51bWJlck9mUHJvY2Vzc29ycwogICAgICAgIGFuc2libGVfcHJvY2Vzc29yX3RocmVhZHNfcGVyX2NvcmUgPSAoJHdpbjMyX2NwdS5OdW1iZXJPZkxvZ2ljYWxQcm9jZXNzb3JzIC8gJHdpbjMyX2NzLk51bWJlck9mUHJvY2Vzc29ycyAvICR3aW4zMl9jcHUuTnVtYmVyT2ZDb3JlcykKICAgICAgICBhbnNpYmxlX3Byb2Nlc3Nvcl92Y3B1cyA9ICgkd2luMzJfY3B1Lk51bWJlck9mTG9naWNhbFByb2Nlc3NvcnMgLyAkd2luMzJfY3MuTnVtYmVyT2ZQcm9jZXNzb3JzKQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygndXB0aW1lJykpIHsKICAgICR3aW4zMl9vcyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfT3BlcmF0aW5nU3lzdGVtCiAgICAkYW5zaWJsZV9mYWN0cyArPSBAewogICAgICAgIGFuc2libGVfbGFzdGJvb3QgPSAkd2luMzJfb3MubGFzdGJvb3R1cHRpbWUuVG9TdHJpbmcoInUiKQogICAgICAgIGFuc2libGVfdXB0aW1lX3NlY29uZHMgPSAkKFtTeXN0ZW0uQ29udmVydF06OlRvSW50NjQoJChHZXQtRGF0ZSkuU3VidHJhY3QoJHdpbjMyX29zLmxhc3Rib290dXB0aW1lKS5Ub3RhbFNlY29uZHMpKQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygndXNlcicpKSB7CiAgICAkdXNlciA9IFtTZWN1cml0eS5QcmluY2lwYWwuV2luZG93c0lkZW50aXR5XTo6R2V0Q3VycmVudCgpCiAgICAkYW5zaWJsZV9mYWN0cyArPSBAewogICAgICAgIGFuc2libGVfdXNlcl9kaXIgPSAkZW52OnVzZXJwcm9maWxlCiAgICAgICAgIyBXaW4zMl9Vc2VyQWNjb3VudC5GdWxsTmFtZSBpcyBwcm9iYWJseSB0aGUgcmlnaHQgdGhpbmcgaGVyZSwgYnV0IGl0IGNhbiBiZSBleHBlbnNpdmUgdG8gZ2V0IG9uIGxhcmdlIGRvbWFpbnMKICAgICAgICBhbnNpYmxlX3VzZXJfZ2Vjb3MgPSAiIgogICAgICAgIGFuc2libGVfdXNlcl9pZCA9ICRlbnY6dXNlcm5hbWUKICAgICAgICBhbnNpYmxlX3VzZXJfc2lkID0gJHVzZXIuVXNlci5WYWx1ZQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygnd2luZG93c19kb21haW4nKSkgewogICAgJHdpbjMyX2NzID0gR2V0LUxhenlDaW1JbnN0YW5jZSBXaW4zMl9Db21wdXRlclN5c3RlbQogICAgJGRvbWFpbl9yb2xlcyA9IEB7CiAgICAgICAgMCA9ICJTdGFuZC1hbG9uZSB3b3Jrc3RhdGlvbiIKICAgICAgICAxID0gIk1lbWJlciB3b3Jrc3RhdGlvbiIKICAgICAgICAyID0gIlN0YW5kLWFsb25lIHNlcnZlciIKICAgICAgICAzID0gIk1lbWJlciBzZXJ2ZXIiCiAgICAgICAgNCA9ICJCYWNrdXAgZG9tYWluIGNvbnRyb2xsZXIiCiAgICAgICAgNSA9ICJQcmltYXJ5IGRvbWFpbiBjb250cm9sbGVyIgogICAgfQoKICAgICRkb21haW5fcm9sZSA9ICRkb21haW5fcm9sZXMuR2V0X0l0ZW0oW0ludDMyXSR3aW4zMl9jcy5Eb21haW5Sb2xlKQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV93aW5kb3dzX2RvbWFpbiA9ICR3aW4zMl9jcy5Eb21haW4KICAgICAgICBhbnNpYmxlX3dpbmRvd3NfZG9tYWluX21lbWJlciA9ICR3aW4zMl9jcy5QYXJ0T2ZEb21haW4KICAgICAgICBhbnNpYmxlX3dpbmRvd3NfZG9tYWluX3JvbGUgPSAkZG9tYWluX3JvbGUKICAgIH0KfQoKaWYoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoJ3dpbnJtJykpIHsKCiAgICAkd2lucm1faHR0cHNfbGlzdGVuZXJfcGFyZW50X3BhdGhzID0gR2V0LUNoaWxkSXRlbSAtUGF0aCBXU01hbjpcbG9jYWxob3N0XExpc3RlbmVyIC1SZWN1cnNlIHwgV2hlcmUtT2JqZWN0IHskXy5 ScriptBlock ID: 7c82cebf-23ab-42ca-bc6e-da9526e244ba Path:	4104	1		3	2	15	0	107	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3616	1252	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:09:07 PM	ca610e00-1c3c-0000-ad0e-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 5): FtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTgsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKCkZ1bmN0aW9uIEdldC1DdXN0b21GYWN0cyB7CiAgW2NtZGxldEJpbmRpbmcoKV0KICBwYXJhbSAoCiAgICBbUGFyYW1ldGVyKG1hbmRhdG9yeT0kZmFsc2UpXQogICAgJGZhY3RwYXRoID0gJG51bGwKICApCgogIGlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGZhY3RwYXRoKSkgewogICAgRmFpbC1Kc29uICRyZXN1bHQgIlRoZSBwYXRoICRmYWN0cGF0aCBkb2VzIG5vdCBleGlzdC4gVHlwbz8iCiAgfQoKICAkRmFjdHNGaWxlcyA9IEdldC1DaGlsZEl0ZW0gLVBhdGggJGZhY3RwYXRoIHwgV2hlcmUtT2JqZWN0IC1GaWx0ZXJTY3JpcHQgeygkUFNJdGVtLlBTSXNDb250YWluZXIgLWVxICRmYWxzZSkgLWFuZCAoJFBTSXRlbS5FeHRlbnNpb24gLWVxICcucHMxJyl9CgogIGZvcmVhY2ggKCRGYWN0c0ZpbGUgaW4gJEZhY3RzRmlsZXMpIHsKICAgICAgJG91dCA9ICYgJCgkRmFjdHNGaWxlLkZ1bGxOYW1lKQogICAgICAkcmVzdWx0LmFuc2libGVfZmFjdHMuQWRkKCJhbnNpYmxlXyQoKCRGYWN0c0ZpbGUuTmFtZSkuU3BsaXQoJy4nKVswXSkiLCAkb3V0KQogIH0KfQoKRnVuY3Rpb24gR2V0LU1hY2hpbmVTaWQgewogICAgIyBUaGUgTWFjaGluZSBTSUQgaXMgc3RvcmVkIGluIEhLTE06XFNFQ1VSSVRZXFNBTVxEb21haW5zXEFjY291bnQgYW5kIGlzCiAgICAjIG9ubHkgYWNjZXNzaWJsZSBieSB0aGUgTG9jYWwgU3lzdGVtIGFjY291bnQuIFRoaXMgbWV0aG9kIGdldCdzIHRoZSBsb2NhbAogICAgIyBhZG1pbiBhY2NvdW50IChlbmRzIHdpdGggLTUwMCkgYW5kIGxvcHMgaXQgb2ZmIHRvIGdldCB0aGUgbWFjaGluZSBzaWQuCgogICAgJGFkbWluc19zaWQgPSAiUy0xLTUtMzItNTQ0IgogICAgJGFkbWluX2dyb3VwID0gKFtTZWN1cml0eS5QcmluY2lwYWwuU2VjdXJpdHlJZGVudGlmaWVyXSRhZG1pbnNfc2lkKS5UcmFuc2xhdGUoW1NlY3VyaXR5LlByaW5jaXBhbC5OVEFjY291bnRdKS5WYWx1ZSAKCiAgICBBZGQtVHlwZSAtQXNzZW1ibHlOYW1lIFN5c3RlbS5EaXJlY3RvcnlTZXJ2aWNlcy5BY2NvdW50TWFuYWdlbWVudAogICAgJHByaW5jaXBhbF9jb250ZXh0ID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLkRpcmVjdG9yeVNlcnZpY2VzLkFjY291bnRNYW5hZ2VtZW50LlByaW5jaXBhbENvbnRleHQoW1N5c3RlbS5EaXJlY3RvcnlTZXJ2aWNlcy5BY2NvdW50TWFuYWdlbWVudC5Db250ZXh0VHlwZV06Ok1hY2hpbmUpCiAgICAkZ3JvdXBfcHJpbmNpcGFsID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLkRpcmVjdG9yeVNlcnZpY2VzLkFjY291bnRNYW5hZ2VtZW50Lkdyb3VwUHJpbmNpcGFsKCRwcmluY2lwYWxfY29udGV4dCwgJGFkbWluX2dyb3VwKQogICAgJHNlYXJjaGVyID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLkRpcmVjdG9yeVNlcnZpY2VzLkFjY291bnRNYW5hZ2VtZW50LlByaW5jaXBhbFNlYXJjaGVyKCRncm91cF9wcmluY2lwYWwpCiAgICAkZ3JvdXBzID0gJHNlYXJjaGVyLkZpbmRPbmUoKQoKICAgICRtYWNoaW5lX3NpZCA9ICRudWxsCiAgICBmb3JlYWNoICgkdXNlciBpbiAkZ3JvdXBzLk1lbWJlcnMpIHsKICAgICAgICAkdXNlcl9zaWQgPSAkdXNlci5TaWQKICAgICAgICBpZiAoJHVzZXJfc2lkLlZhbHVlLkVuZHNXaXRoKCItNTAwIikpIHsKICAgICAgICAgICAgJG1hY2hpbmVfc2lkID0gJHVzZXJfc2lkLkFjY291bnREb21haW5TaWQuVmFsdWUKICAgICAgICAgICAgYnJlYWsKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICRtYWNoaW5lX3NpZAp9CgokY2ltX2luc3RhbmNlcyA9IEB7fQoKRnVuY3Rpb24gR2V0LUxhenlDaW1JbnN0YW5jZShbc3RyaW5nXSRpbnN0YW5jZV9uYW1lLCBbc3RyaW5nXSRuYW1lc3BhY2U9IlJvb3RcQ0lNVjIiKSB7CiAgICBpZigtbm90ICRjaW1faW5zdGFuY2VzLkNvbnRhaW5zS2V5KCRpbnN0YW5jZV9uYW1lKSkgewogICAgICAgICRjaW1faW5zdGFuY2VzWyRpbnN0YW5jZV9uYW1lXSA9ICQoR2V0LUNpbUluc3RhbmNlIC1OYW1lc3BhY2UgJG5hbWVzcGFjZSAtQ2xhc3NOYW1lICRpbnN0YW5jZV9uYW1lKQogICAgfQoKICAgIHJldHVybiAkY2ltX2luc3RhbmNlc1skaW5zdGFuY2VfbmFtZV0KfQoKJHJlc3VsdCA9IEB7CiAgICBhbnNpYmxlX2ZhY3RzID0gQHsgfQogICAgY2hhbmdlZCA9ICRmYWxzZQp9CgokZ3JvdXBlZF9zdWJzZXRzID0gQHsKICAgIG1pbj1bU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuTGlzdFtzdHJpbmddXUAoJ2RhdGVfdGltZScsJ2Rpc3RyaWJ1dGlvbicsJ2RucycsJ2VudicsJ2xvY2FsJywncGxhdGZvcm0nLCdwb3dlcnNoZWxsX3ZlcnNpb24nLCd1c2VyJykKICAgIG5ldHdvcms9W1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkxpc3Rbc3RyaW5nXV1AKCdhbGxfaXB2NF9hZGRyZXNzZXMnLCdhbGxfaXB2Nl9hZGRyZXNzZXMnLCdpbnRlcmZhY2VzJywnd2luZG93c19kb21haW4nLCAnd2lucm0nKQogICAgaGFyZHdhcmU9W1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkxpc3Rbc3RyaW5nXV1AKCdiaW9zJywnbWVtb3J5JywncHJvY2Vzc29yJywndXB0aW1lJykKICAgIGV4dGVybmFsPVtTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5MaXN0W3N0cmluZ11dQCgnZmFjdGVyJykKfQoKIyBidWlsZCAiYWxsIiBzZXQgZnJvbSBldmVyeXRoaW5nIG1lbnRpb25lZCBpbiB0aGUgZ3JvdXAtIHRoaXMgbWVhbnMgZXZlcnkgdmFsdWUgbXVzdCBiZSBpbiBhdCBsZWFzdCBvbmUgc3Vic2V0IHRvIGJlIGNvbnNpZGVyZWQgbGVnYWwKJGFsbF9zZXQgPSBbU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuSGFzaFNldFtzdHJpbmddXUAoKQoKZm9yZWFjaCgka3YgaW4gJGdyb3VwZWRfc3Vic2V0cy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgIFt2b2lkXSAkYWxsX3NldC5VbmlvbldpdGgoJGt2LlZhbHVlKQp9CgojIGR5bmFtaWNhbGx5IGNyZWF0ZSBhbiAiYWxsIiBzdWJzZXQgbm93IHRoYXQgd2Uga25vdyB3aGF0IHNob3VsZCBiZSBpbiBpdAokZ3JvdXBlZF9zdWJzZXRzWydhbGwnXSA9IFtTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5MaXN0W3N0cmluZ11dJGFsbF9zZXQKCiMgc3RhcnQgd2l0aCBhbGwsIGJ1aWxkIHVwIGdhdGhlciBhbmQgZXhjbHVkZSBzdWJzZXRzCiRnYXRoZXJfc3Vic2V0ID0gW1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkhhc2hTZXRbc3RyaW5nXV0kZ3JvdXBlZF9zdWJzZXRzLmFsbAokZXhwbGljaXRfc3Vic2V0ID0gW1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkhhc2hTZXRbc3RyaW5nXV1AKCkKJGV4Y2x1ZGVfc3Vic2V0ID0gW1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkhhc2hTZXRbc3RyaW5nXV1AKCkKCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCiRmYWN0cGF0aCA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJmYWN0X3BhdGgiIC10eXBlICJwYXRoIgokZ2F0aGVyX3N1YnNldF9zb3VyY2UgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZ2F0aGVyX3N1YnNldCIgLXR5cGUgImxpc3QiIC1kZWZhdWx0ICJhbGwiCgpmb3JlYWNoKCRpdGVtIGluICRnYXRoZXJfc3Vic2V0X3NvdXJjZSkgewogICAgaWYoKFtzdHJpbmddJGl0ZW0pLlN0YXJ0c1dpdGgoIiEiKSkgewogICAgICAgICRpdGVtID0gKFtzdHJpbmddJGl0ZW0pLlN1YnN0cmluZygxKQogICAgICAgIGlmKCRpdGVtIC1lcSAiYWxsIikgewogICAgICAgICAgICAkYWxsX21pbnVzX21pbiA9IFtTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5IYXNoU2V0W3N0cmluZ11dQCgkYWxsX3NldCkKICAgICAgICAgICAgW3ZvaWRdICRhbGxfbWludXNfbWluLkV4Y2VwdFdpdGgoJGdyb3VwZWRfc3Vic2V0cy5taW4pCiAgICAgICAgICAgIFt2b2lkXSAkZXhjbHVkZV9zdWJzZXQuVW5pb25XaXRoKCRhbGxfbWludXNfbWluKQogICAgICAgIH0KICAgICAgICBlbHNlaWYoJGdyb3VwZWRfc3Vic2V0cy5Db250YWluc0tleSgkaXRlbSkpIHsKICAgICAgICAgICAgW3ZvaWRdICRleGNsdWRlX3N1YnNldC5VbmlvbldpdGgoJGdyb3VwZWRfc3Vic2V0c1skaXRlbV0pCiAgICAgICAgfQogICAgICAgIGVsc2VpZigkYWxsX3NldC5Db250YWlucygkaXRlbSkpIHsKICAgICAgICAgICAgW3ZvaWRdICRleGNsdWRlX3N1YnNldC5BZGQoJGl0ZW0pCiAgICAgICAgfQogICAgICAgICMgTkI6IGludmFsaWQgZXhjbHVkZSB2YWx1ZXMgYXJlIGlnbm9yZWQsIHNpbmNlIHRoYXQncyB3aGF0IHBvc2l4IHNldHVwIGRvZXMKICAgIH0KICAgIGVsc2UgewogICAgICAgIGlmKCRncm91cGVkX3N1YnNldHMuQ29udGFpbnNLZXkoJGl0ZW0pKSB7CiAgICAgICAgICAgIFt2b2lkXSAkZXhwbGljaXRfc3Vic2V0LlVuaW9uV2l0aCgkZ3JvdXBlZF9zdWJzZXRzWyRpdGVtXSkKICAgICAgICB9CiAgICAgICAgZWxzZWlmKCRhbGxfc2V0LkNvbnRhaW5zKCRpdGVtKSkgewogICAgICAgICAgICBbdm9pZF0gJGV4cGxpY2l0X3N1YnNldC5BZGQoJGl0ZW0pCiAgICAgICAgfQogICAgICAgIGVsc2UgewogICAgICAgICAgICAjIE5COiBQT1NJWCBzZXR1cCBmYWlscyBvbiBpbnZhbGlkIHZhbHVlOyB3ZSB3YXJuLCBiZWNhdXNlIHdlIGRvbid0IGltcGxlbWVudCB0aGUgc2FtZSBzZXQgYXMgUE9TSVgKICAgICAgICAgICAgIyBhbmQgd2UgZG9uJ3QgaGF2ZSBwbGF0Zm9ybS1zcGVjaWZpYyBjb25maWcgZm9yIHRoaXMuLi4KICAgICAgICAgICAgQWRkLVdhcm5pbmcgJHJlc3VsdCAiaW52YWxpZCB2YWx1ZSAkaXRlbSBzcGVjaWZpZWQgaW4gZ2F0aGVyX3N1YnNldCIKICAgICAgICB9CiAgICB9Cn0KClt2b2lkXSAkZ2F0aGVyX3N1YnNldC5FeGNlcHRXaXRoKCRleGNsdWRlX3N1YnNldCkKW3ZvaWRdICRnYXRoZXJfc3Vic2V0LlVuaW9uV2l0aCgkZXhwbGljaXRfc3Vic2V0KQoKJGFuc2libGVfZmFjdHMgPSBAewogICAgZ2F0aGVyX3N1YnNldD1AKCRnYXRoZXJfc3Vic2V0X3NvdXJjZSkKICAgIG1vZHVsZV9zZXR1cD0kdHJ1ZQp9Cgokb3N2ZXJzaW9uID0gW0Vudmlyb25tZW50XTo6T1NWZXJzaW9uCgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygnYWxsX2lwdjRfYWRkcmVzc2VzJykgLW9yICRnYXRoZXJfc3Vic2V0LkNvbnRhaW5zKCdhbGxfaXB2Nl9hZGRyZXNzZXMnKSkgewogICAgJG5ldGNmZyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfTmV0d29ya0FkYXB0ZXJDb25maWd1cmF0aW9uCiAgICAKICAgICMgVE9ETzogc3BsaXQgdjQvdjYgcHJvcGVybHksIHJldHVybiBpbiBzZXBhcmF0ZSBrZXlzCiAgICAkaXBzID0gQCgpCiAgICBGb3JlYWNoICgkaXAgaW4gJG5ldGNmZy5JUEFkZHJlc3MpIHsKICAgICAgICBJZiAoJGlwKSB7CiAgICAgICAgICAgICRpcHMgKz0gJGlwCiAgICAgICAgfQogICAgfQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV9pcF9hZGRyZXNzZXMgPSAkaXBzCiAgICB9Cn0KCmlmKCRnYXRoZXJfc3Vic2V0LkNvbnRhaW5zKCdiaW9zJykpIHsKICAgICR3aW4zMl9iaW9zID0gR2V0LUxhenlDaW1JbnN0YW5jZSBXaW4zMl9CaW9zCiAgICAkd2luMzJfY3MgPSBHZXQtTGF6eUNpbUluc3RhbmNlIFdpbjMyX0NvbXB1dGVyU3lzdGVtCiAgICAkYW5zaWJsZV9mYWN0cyArPSBAewogICAgICAgIGFuc2libGVfYmlvc19kYXRlID0gJHdpbjMyX2Jpb3MuUmVsZWFzZURhdGUuVG9TdHJpbmcoIk1NL2RkL3l5eXkiKQogICAgICAgIGFuc2libGVfYmlvc192ZXJzaW9uID0gJHdpbjMyX2Jpb3MuU01CSU9TQklPU1ZlcnNpb24KICAgICAgICBhbnNpYmxlX3Byb2R1Y3RfbmFtZSA9ICR3aW4zMl9jcy5Nb2RlbC5UcmltKCkKICAgICAgICBhbnNpYmxlX3Byb2R1Y3Rfc2VyaWFsID0gJHdpbjMyX2Jpb3MuU2VyaWFsTnVtYmVyCiAgICAgICAgIyBhbnNpYmxlX3Byb2R1Y3RfdmVyc2lvbiA9IChbc3RyaW5nXSAkd2luMzJfY3MuU3lzdGVtRmFtaWx5KQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygnZGF0ZV90aW1lJykpIHsKICAgICRkYXRldGltZSA9IChHZXQtRGF0ZSkKICAgICRkYXRldGltZV91dGMgPSAkZGF0ZXRpbWUuVG9Vbml2ZXJzYWxUaW1lKCkKICAgICRkYXRlID0gQHsKICAgICAgICBkYXRlID0gJGRhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIikKICAgICAgICBkYXkgPSAkZGF0ZXRpbWUuVG9TdHJpbmcoImRkIikKICAgICAgICBlcG9jaCA9IChHZXQtRGF0ZSAtVUZvcm1hdCAiJXMiKQogICAgICAgIGhvdXIgPSAkZGF0ZXRpbWUuVG9TdHJpbmcoIkhIIikKICAgICAgICBpc284NjAxID0gJGRhdGV0aW1lX3V0Yy5Ub1N0cmluZygieXl5eS1NTS1kZFRISDptbTpzc1oiKQogICAgICAgIGlzbzg2MDFfYmFzaWMgPSAkZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXlNTWRkVEhIbW1zc2ZmZmZmZiIpCiAgICAgICAgaXNvODYwMV9iYXNpY19zaG9ydCA9ICRkYXRldGltZS5Ub1N0cmluZygieXl5eU1NZGRUSEhtbXNzIikKICAgICAgICBpc284NjAxX21pY3JvID0gJGRhdGV0aW1lX3V0Yy5Ub1N0cmluZygieXl5eS1NTS1kZFRISDptbTpzcy5mZmZmZmZaIikKICAgICAgICBtaW51dGUgPSAkZGF0ZXRpbWUuVG9TdHJpbmcoIm1tIikKICAgICAgICBtb250aCA9ICRkYXRldGltZS5Ub1N0cmluZygiTU0iKQogICAgICAgIHNlY29uZCA9ICRkYXRldGltZS5Ub1N0cmluZygic3MiKQogICAgICAgIHRpbWUgPSAkZGF0ZXRpbWUuVG9TdHJpbmcoIkhIOm1tOnNzIikKICAgICAgICB0eiA9IChbU3lzdGVtLlRpbWVab25lSW5mb106OkxvY2FsLklkKQogICAgICAgIHR6X29mZnNldCA9ICRkYXRldGltZS5Ub1N0cmluZygienp6eiIpCiAgICAgICAgIyBFbnN1cmUgdGhhdCB0aGUgd2Vla2RheSBpcyBpbiBFbmdsaXNoCiAgICAgICAgd2Vla2RheSA9ICRkYXRldGltZS5Ub1N0cmluZygiZGRkZCIsIFtTeXN0ZW0uR2xvYmFsaXphdGlvbi5DdWx0dXJlSW5mb106OkludmFyaWFudEN1bHR1cm ScriptBlock ID: 7c82cebf-23ab-42ca-bc6e-da9526e244ba Path:	4104	1		3	2	15	0	106	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3616	1252	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:09:07 PM	ca610e00-1c3c-0000-ad0e-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 5): 2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbm ScriptBlock ID: 7c82cebf-23ab-42ca-bc6e-da9526e244ba Path:	4104	1		3	2	15	0	105	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3616	1252	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:09:07 PM	ca610e00-1c3c-0000-ad0e-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 5): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR ScriptBlock ID: 7c82cebf-23ab-42ca-bc6e-da9526e244ba Path:	4104	1		3	2	15	0	104	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3616	1252	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:09:07 PM	ca610e00-1c3c-0000-ad0e-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	103	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3616	3412	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:09:07 PM	ca610e00-1c3c-0001-4b0f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3616 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	102	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3616	4000	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:09:07 PM	ca610e00-1c3c-0001-4b0f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	101	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3616	3412	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:09:07 PM	ca610e00-1c3c-0001-4b0f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: b65dd2f9-d827-4fad-9076-fbd8bee08881 Path:	4104	1		3	2	15	0	100	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	140	664	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:08:55 PM	ca610e00-1c3c-0005-0f0f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: b05caf3b-72a8-46bb-982a-471a551c24b5 Path:	4104	1		3	2	15	0	99	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	140	664	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:08:55 PM	ca610e00-1c3c-0005-060f-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): mUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKCiRFcnJvckFjdGlvblByZWZlcmVuY2UgPSAiU3RvcCIKCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCgokZGF0YSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJkYXRhIiAtdHlwZSAic3RyIiAtZGVmYXVsdCAicG9uZyIKCmlmICgkZGF0YSAtZXEgImNyYXNoIikgewogICAgdGhyb3cgImJvb20iCn0KCiRyZXN1bHQgPSBAewogICAgY2hhbmdlZCA9ICRmYWxzZQogICAgcGluZyA9ICRkYXRhCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_ping", "_ansible_remote_tmp": "%TEMP%", "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: d540175e-5785-42d8-8bec-78f89f91bbf3 Path:	4104	1		3	2	15	0	98	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	140	664	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:08:53 PM	ca610e00-1c3c-0005-ff0e-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpd ScriptBlock ID: d540175e-5785-42d8-8bec-78f89f91bbf3 Path:	4104	1		3	2	15	0	97	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	140	664	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:08:53 PM	ca610e00-1c3c-0005-ff0e-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	96	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	140	4088	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:08:52 PM	ca610e00-1c3c-0003-ba0e-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 140 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	95	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	140	2436	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:08:51 PM	ca610e00-1c3c-0003-ba0e-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	94	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	140	4088	n-h2-828168-2	S-1-5-21-4262337943-2344444407-1309317444-1001	2/7/2022 4:08:51 PM	ca610e00-1c3c-0003-ba0e-61ca3c1cd801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4956 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	93	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4956	4340	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/19/2018 9:43:14 AM	ad8d0f9c-9109-0001-a111-8dad0991d301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	92	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4256	4260	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/19/2018 9:41:47 AM	ad8d0f9c-9109-0002-1711-8dad0991d301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4256 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	91	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4256	4368	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/19/2018 9:41:47 AM	ad8d0f9c-9109-0002-1711-8dad0991d301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	90	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4256	4260	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/19/2018 9:41:47 AM	ad8d0f9c-9109-0002-1711-8dad0991d301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Error Message = One or several parent features are disabled so current feature can not be enabled. Fully Qualified Error ID = Microsoft.Dism.Commands.EnableWindowsOptionalFeatureCommand Context: Severity = Warning Host Name = ConsoleHost Host Version = 5.1.14393.1944 Host ID = 7a6064d3-caf8-4b2c-90d6-6614b6bb2722 Host Application = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Engine Version = 5.1.14393.1944 Runspace ID = 8db922f0-0511-49c4-b38a-fbdb0b2889c8 Pipeline ID = 20 Command Name = Enable-WindowsOptionalFeature Command Type = Cmdlet Script Name = Command Path = Sequence Number = 18 User = WIN-5T344G8GM1H\Administrator Connected User = Shell ID = Microsoft.PowerShell User Data:	4100	1		3	106	19	0	89	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4460	4576	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/19/2018 9:31:45 AM	aff0bd57-9107-0001-a0bf-f0af0791d301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	To be used when an exception is raised	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Error Message = One or several parent features are disabled so current feature can not be enabled. Fully Qualified Error ID = Microsoft.Dism.Commands.EnableWindowsOptionalFeatureCommand Context: Severity = Warning Host Name = ConsoleHost Host Version = 5.1.14393.1944 Host ID = 7a6064d3-caf8-4b2c-90d6-6614b6bb2722 Host Application = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Engine Version = 5.1.14393.1944 Runspace ID = 8db922f0-0511-49c4-b38a-fbdb0b2889c8 Pipeline ID = 17 Command Name = Enable-WindowsOptionalFeature Command Type = Cmdlet Script Name = Command Path = Sequence Number = 17 User = WIN-5T344G8GM1H\Administrator Connected User = Shell ID = Microsoft.PowerShell User Data:	4100	1		3	106	19	0	88	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4460	4576	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/19/2018 9:31:25 AM	aff0bd57-9107-0000-1dbf-f0af0791d301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	To be used when an exception is raised	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Error Message = Feature name Microsoft-Hyper-V-All is unknown. Fully Qualified Error ID = Microsoft.Dism.Commands.EnableWindowsOptionalFeatureCommand Context: Severity = Warning Host Name = ConsoleHost Host Version = 5.1.14393.1944 Host ID = 7a6064d3-caf8-4b2c-90d6-6614b6bb2722 Host Application = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Engine Version = 5.1.14393.1944 Runspace ID = 8db922f0-0511-49c4-b38a-fbdb0b2889c8 Pipeline ID = 14 Command Name = Enable-WindowsOptionalFeature Command Type = Cmdlet Script Name = Command Path = Sequence Number = 16 User = WIN-5T344G8GM1H\Administrator Connected User = Shell ID = Microsoft.PowerShell User Data:	4100	1		3	106	19	0	87	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4460	4576	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/19/2018 9:30:45 AM	aff0bd57-9107-0001-91bf-f0af0791d301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	To be used when an exception is raised	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Error Message = Feature name RSAT-Hyper-V-Tools is unknown. Fully Qualified Error ID = Microsoft.Dism.Commands.EnableWindowsOptionalFeatureCommand Context: Severity = Warning Host Name = ConsoleHost Host Version = 5.1.14393.1944 Host ID = 7a6064d3-caf8-4b2c-90d6-6614b6bb2722 Host Application = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Engine Version = 5.1.14393.1944 Runspace ID = 8db922f0-0511-49c4-b38a-fbdb0b2889c8 Pipeline ID = 6 Command Name = Enable-WindowsOptionalFeature Command Type = Cmdlet Script Name = Command Path = Sequence Number = 15 User = WIN-5T344G8GM1H\Administrator Connected User = Shell ID = Microsoft.PowerShell User Data:	4100	1		3	106	19	0	86	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4460	4576	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/19/2018 9:28:03 AM	aff0bd57-9107-0000-9cbe-f0af0791d301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	To be used when an exception is raised	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	85	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4460	4464	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/19/2018 9:27:28 AM	aff0bd57-9107-0003-c9be-f0af0791d301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4460 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	84	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4460	4572	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/19/2018 9:27:27 AM	aff0bd57-9107-0003-c9be-f0af0791d301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	83	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4460	4464	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/19/2018 9:27:27 AM	aff0bd57-9107-0003-c9be-f0af0791d301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Error Message = Feature name Hyper-V is unknown. Fully Qualified Error ID = Microsoft.Dism.Commands.EnableWindowsOptionalFeatureCommand Context: Severity = Warning Host Name = ConsoleHost Host Version = 5.1.14393.1944 Host ID = a2011431-ed26-493a-9d87-2110cadf0708 Host Application = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Engine Version = 5.1.14393.1944 Runspace ID = f313b4cd-0f39-498d-9ea1-7d6a0388a78e Pipeline ID = 10 Command Name = Enable-WindowsOptionalFeature Command Type = Cmdlet Script Name = Command Path = Sequence Number = 15 User = WIN-5T344G8GM1H\Administrator Connected User = Shell ID = Microsoft.PowerShell User Data:	4100	1		3	106	19	0	82	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2852	3684	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/19/2018 9:24:05 AM	17f2f0cc-9107-0003-97f2-f2170791d301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	To be used when an exception is raised	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	81	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2852	3392	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/19/2018 9:23:43 AM	17f2f0cc-9107-0003-88f2-f2170791d301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2852 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	80	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2852	3576	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/19/2018 9:23:42 AM	17f2f0cc-9107-0003-88f2-f2170791d301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	79	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2852	3392	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/19/2018 9:23:42 AM	17f2f0cc-9107-0003-88f2-f2170791d301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	78	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2948	3556	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/19/2018 9:19:21 AM	289cfce6-9103-0003-f702-9d280391d301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2948 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	77	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2948	4996	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/19/2018 9:19:21 AM	289cfce6-9103-0003-f702-9d280391d301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	76	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2948	3556	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/19/2018 9:19:21 AM	289cfce6-9103-0003-f702-9d280391d301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Error Message = Exception calling "Put" with "0" argument(s): "Generic failure " Fully Qualified Error ID = DotNetMethodException,Microsoft.PowerShell.Commands.InvokeCommandCommand Context: Severity = Warning Host Name = ConsoleHost Host Version = 5.1.14393.1944 Host ID = 8d90c0c8-a196-44ca-8b2d-eea3c4a4191a Host Application = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 Engine Version = 5.1.14393.1944 Runspace ID = 52ed0133-95ba-4d7e-a2ba-ec8c934216bb Pipeline ID = 1 Command Name = Invoke-Command Command Type = Cmdlet Script Name = C:\UnattendResources\Logon.ps1 Command Path = Sequence Number = 18 User = WIN-5T344G8GM1H\Administrator Connected User = Shell ID = Microsoft.PowerShell User Data:	4100	1		3	106	19	0	75	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1860	2972	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/19/2018 9:11:39 AM	289cfce6-9103-0000-cbfe-9c280391d301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	To be used when an exception is raised	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Error Message = Dism.exe clean failed Fully Qualified Error ID = Dism.exe clean failed Context: Severity = Warning Host Name = ConsoleHost Host Version = 5.1.14393.1944 Host ID = 8d90c0c8-a196-44ca-8b2d-eea3c4a4191a Host Application = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 Engine Version = 5.1.14393.1944 Runspace ID = 52ed0133-95ba-4d7e-a2ba-ec8c934216bb Pipeline ID = 1 Command Name = Command Type = Script Name = C:\UnattendResources\Logon.ps1 Command Path = Sequence Number = 17 User = WIN-5T344G8GM1H\Administrator Connected User = Shell ID = Microsoft.PowerShell User Data:	4100	1		3	106	19	0	74	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1860	2972	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/19/2018 9:08:07 AM	289cfce6-9103-0002-0cfe-9c280391d301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	To be used when an exception is raised	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="AssemblyName"; value="System.Windows.Forms" Context: Severity = Informational Host Name = ConsoleHost Host Version = 5.1.14393.1944 Host ID = 472903c4-35b3-4c83-9276-711692bf7dcf Host Application = C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} Engine Version = 5.1.14393.1944 Runspace ID = 98467050-eab8-4e58-97d4-7e9397ff0dd0 Pipeline ID = 1 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 16 User = WIN-5T344G8GM1H\Administrator Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	73	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3100	3840	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/19/2018 8:55:07 AM	289cfce6-9103-0002-d6fd-9c280391d301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} ScriptBlock ID: 8a36850c-26f9-42f6-ad5a-4497ff86142d Path:	4104	1		3	2	15	0	72	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3100	3840	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/19/2018 8:55:06 AM	289cfce6-9103-0003-c6fd-9c280391d301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	71	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3100	1988	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/19/2018 8:55:06 AM	289cfce6-9103-0002-cdfd-9c280391d301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3100 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	70	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3100	2772	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/19/2018 8:55:05 AM	289cfce6-9103-0002-cdfd-9c280391d301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	69	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3100	1988	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/19/2018 8:55:05 AM	289cfce6-9103-0002-cdfd-9c280391d301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.Text; using System.Runtime.InteropServices; namespace PSCloudbase { public sealed class Win32IniApi { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern uint GetPrivateProfileString( string lpAppName, string lpKeyName, string lpDefault, StringBuilder lpReturnedString, uint nSize, string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool WritePrivateProfileString( string lpAppName, string lpKeyName, StringBuilder lpString, // Don't use string, as Powershell replaces with an empty string string lpFileName); [DllImport("Kernel32.dll")] public static extern uint GetLastError(); } }" ParameterBinding(Add-Type): name="Language"; value="CSharp" Context: Severity = Informational Host Name = ConsoleHost Host Version = 5.1.14393.1944 Host ID = 8d90c0c8-a196-44ca-8b2d-eea3c4a4191a Host Application = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 Engine Version = 5.1.14393.1944 Runspace ID = 52ed0133-95ba-4d7e-a2ba-ec8c934216bb Pipeline ID = 1 Command Name = Add-Type Command Type = Cmdlet Script Name = C:\UnattendResources\ini.psm1 Command Path = Sequence Number = 16 User = WIN-5T344G8GM1H\Administrator Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	68	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1860	2972	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/19/2018 8:55:05 AM	289cfce6-9103-0001-b4fd-9c280391d301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): <# Copyright 2014 Cloudbase Solutions Srl Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. #> $Source = @" using System; using System.Text; using System.Runtime.InteropServices; namespace PSCloudbase { public sealed class Win32IniApi { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern uint GetPrivateProfileString( string lpAppName, string lpKeyName, string lpDefault, StringBuilder lpReturnedString, uint nSize, string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool WritePrivateProfileString( string lpAppName, string lpKeyName, StringBuilder lpString, // Don't use string, as Powershell replaces $null with an empty string string lpFileName); [DllImport("Kernel32.dll")] public static extern uint GetLastError(); } } "@ Add-Type -TypeDefinition $Source -Language CSharp function Get-IniFileValue { [CmdletBinding()] param ( [parameter(Mandatory=$true, ValueFromPipeline=$true)] [string]$Key, [parameter()] [string]$Section = "DEFAULT", [parameter()] [string]$Default = $null, [parameter(Mandatory=$true)] [string]$Path, [parameter()] [switch]$AsBoolean ) process { $sb = New-Object -TypeName "System.Text.StringBuilder" -ArgumentList 1000 $retVal = [PSCloudbase.Win32IniApi]::GetPrivateProfileString($Section, $Key, $Default, $sb, $sb.Capacity, $Path) if (!$retVal) { $lastErr = [PSCloudbase.Win32IniApi]::GetLastError() if ($lastErr -ne 2) { throw "Cannot get value from ini file: " + [PSCloudbase.Win32IniApi]::GetLastError() } elseif (!(Test-Path $Path)) { throw "Ini file '$Path' does not exist" } } $value = $sb.ToString() if($AsBoolean) { return [System.Convert]::ToBoolean($value) } else { return $value } } } function Set-IniFileValue { [CmdletBinding()] param ( [parameter(Mandatory=$true, ValueFromPipeline=$true)] [string]$Key, [parameter()] [string]$Section = "DEFAULT", [parameter(Mandatory=$true)] [string]$Value, [parameter(Mandatory=$true)] [string]$Path ) process { $retVal = [PSCloudbase.Win32IniApi]::WritePrivateProfileString($Section, $Key, $Value, $Path) if (!$retVal -and [PSCloudbase.Win32IniApi]::GetLastError()) { throw "Cannot set value in ini file: " + [PSCloudbase.Win32IniApi]::GetLastError() } } } function Remove-IniFileValue { [CmdletBinding()] param ( [parameter(Mandatory=$true, ValueFromPipeline=$true)] [string]$Key, [parameter()] [string]$Section = "DEFAULT", [parameter(Mandatory=$true)] [string]$Path ) process { $retVal = [PSCloudbase.Win32IniApi]::WritePrivateProfileString($Section, $Key, $null, $Path) if (!$retVal -and [PSCloudbase.Win32IniApi]::GetLastError()) { throw "Cannot remove value from ini file: " + [PSCloudbase.Win32IniApi]::GetLastError() } } } Export-ModuleMember Get-IniFileValue, Set-IniFileValue, Remove-IniFileValue ScriptBlock ID: 9d7dbfb7-f89e-4b7d-99eb-7f477f2c3c80 Path: C:\UnattendResources\ini.psm1	4104	1		3	2	15	0	67	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1860	2972	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/19/2018 8:55:04 AM	289cfce6-9103-0002-b8fd-9c280391d301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): $ErrorActionPreference = "Stop" $resourcesDir = "$ENV:SystemDrive\UnattendResources" $configIniPath = "$resourcesDir\config.ini" function Set-PersistDrivers { Param( [parameter(Mandatory=$true)] [string]$Path, [switch]$Persist=$true ) if (!(Test-Path $Path)){ return $false } try { $xml = [xml](Get-Content $Path) }catch{ Write-Error "Failed to load $Path" return $false } if (!$xml.unattend.settings){ return $false } foreach ($i in $xml.unattend.settings) { if ($i.pass -eq "generalize"){ $index = [array]::IndexOf($xml.unattend.settings, $i) if ($xml.unattend.settings[$index].component -and $xml.unattend.settings[$index].component.PersistAllDeviceInstalls -ne $Persist.ToString()){ $xml.unattend.settings[$index].component.PersistAllDeviceInstalls = $Persist.ToString() } } } $xml.Save($Path) } function Set-UnattendEnableSwap { Param( [parameter(Mandatory=$true)] [string]$Path ) if (!(Test-Path $Path)){ return $false } try { $xml = [xml](Get-Content $Path) } catch { Write-Error "Failed to load $Path" return $false } if (!$xml.unattend.settings){ return $false } foreach ($i in $xml.unattend.settings) { if ($i.pass -eq "specialize") { $index = [array]::IndexOf($xml.unattend.settings, $i) if ($xml.unattend.settings[$index].component.RunSynchronous.RunSynchronousCommand.Order) { $xml.unattend.settings[$index].component.RunSynchronous.RunSynchronousCommand.Order = "2" } [xml]$RunSynchronousCommandXml = @" <RunSynchronousCommand xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"> <Order>1</Order> <Path>"C:\Windows\System32\reg.exe" ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "PagingFiles" /d "?:\pagefile.sys" /f</Path> <Description>Set page file to be automatically managed by the system</Description> <WillReboot>Never</WillReboot> </RunSynchronousCommand> "@ $xml.unattend.settings[$index].component.RunSynchronous.AppendChild($xml.ImportNode($RunSynchronousCommandXml.RunSynchronousCommand, $true)) } } $xml.Save($Path) } function Clean-UpdateResources { $HOST.UI.RawUI.WindowTitle = "Running update resources cleanup" # We're done, disable AutoLogon Remove-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" -Name Unattend* Remove-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name AutoLogonCount # Cleanup if (Test-Path $resourcesDir) { Remove-Item -Recurse -Force $resourcesDir } if (Test-Path "$ENV:SystemDrive\Unattend.xml") { Remove-Item -Force "$ENV:SystemDrive\Unattend.xml" } } function Clean-WindowsUpdates { Param( $PurgeUpdates ) $HOST.UI.RawUI.WindowTitle = "Running Dism cleanup..." if (([System.Environment]::OSVersion.Version.Major -gt 6) -or ([System.Environment]::OSVersion.Version.Minor -ge 2)) { if (!$PurgeUpdates) { Dism.exe /Online /Cleanup-Image /StartComponentCleanup } else { Dism.exe /Online /Cleanup-Image /StartComponentCleanup /ResetBase } if ($LASTEXITCODE) { throw "Dism.exe clean failed" } } } function Run-Defragment { $HOST.UI.RawUI.WindowTitle = "Running Defrag..." #Defragmenting all drives at normal priority defrag.exe /C /H /V if ($LASTEXITCODE) { throw "Defrag.exe failed" } } function Release-IP { $HOST.UI.RawUI.WindowTitle = "Releasing IP..." ipconfig.exe /release if ($LASTEXITCODE) { throw "IPconfig release failed" } } function Install-WindowsUpdates { Import-Module "$resourcesDir\WindowsUpdates\WindowsUpdates" $BaseOSKernelVersion = [System.Environment]::OSVersion.Version $OSKernelVersion = ($BaseOSKernelVersion.Major.ToString() + "." + $BaseOSKernelVersion.Minor.ToString()) $KBIdsBlacklist = @{ "6.1" = @("KB3013538","KB2808679", "KB2894844", "KB3019978", "KB2984976"); "6.2" = @("KB3013538", "KB3042058", "KB3172729") "6.3" = @("KB3013538", "KB3042058", "KB3172729") } $excludedUpdates = $KBIdsBlacklist[$OSKernelVersion] $updates = ExecRetry { Get-WindowsUpdate -Verbose -ExcludeKBId $excludedUpdates } -maxRetryCount 30 -retryInterval 1 $maximumUpdates = 20 if (!$updates.Count) { $updates = [array]$updates } if ($updates) { $availableUpdatesNumber = $updates.Count Write-Host "Found $availableUpdatesNumber updates. Installing..." try { Install-WindowsUpdate -Updates $updates[0..$maximumUpdates] } finally { Restart-Computer -Force exit 0 } } } function ExecRetry($command, $maxRetryCount=4, $retryInterval=4) { $currErrorActionPreference = $ErrorActionPreference $ErrorActionPreference = "Continue" $retryCount = 0 while ($true) { try { $res = Invoke-Command -ScriptBlock $command $ErrorActionPreference = $currErrorActionPreference return $res } catch [System.Exception] { $retryCount++ if ($retryCount -ge $maxRetryCount) { $ErrorActionPreference = $currErrorActionPreference throw } else { if($_) { Write-Warning $_ } Start-Sleep $retryInterval } } } } function Disable-Swap { $computerSystem = Get-WmiObject Win32_ComputerSystem if ($computerSystem.AutomaticManagedPagefile) { $computerSystem.AutomaticManagedPagefile = $False $computerSystem.Put() } $pageFileSetting = Get-WmiObject Win32_PageFileSetting if ($pageFileSetting) { $pageFileSetting.Delete() } } function Skip-Rearm { #Note: On 2008R2 we need to make sure that the sysprep process will not reset the activation status. # We can set the registry key SkipRearm to 1 in order to stop this. Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\' -Name SkipRearm -Value '1' } function Activate-Windows { # Note(cgalan): On 2008R2 the initial product key activation fails # so we need to manually activate it using slmgr # slmgr /ipk $productKey # slmgr /skms kms-spla.ad.ware.fi #slmgr /ato } try { Import-Module "$resourcesDir\ini.psm1" $installUpdates = Get-IniFileValue -Path $configIniPath -Section "DEFAULT" -Key "InstallUpdates" -Default $false -AsBoolean $persistDrivers = Get-IniFileValue -Path $configIniPath -Section "DEFAULT" -Key "PersistDriverInstall" -Default $true -AsBoolean $purgeUpdates = Get-IniFileValue -Path $configIniPath -Section "DEFAULT" -Key "PurgeUpdates" -Default $false -AsBoolean $disableSwap = Get-IniFileValue -Path $configIniPath -Section "DEFAULT" -Key "DisableSwap" -Default $false -AsBoolean $goldImage = Get-IniFileValue -Path $configIniPath -Section "DEFAULT" -Key "GoldImage" -Default $false -AsBoolean $productKey = Get-IniFileValue -Path $configIniPath -Section "DEFAULT" -Key "ProductKey" -Default $null # Note(avladu): Force a key push on the powershell console for it not to freeze $KeyPressPowershellProcess = Start-Process -NoNewWindow -FilePath "powershell.exe" {Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}} -PassThru if ($productKey) { Activate-Windows Skip-Rearm } if($installUpdates) { Install-WindowsUpdates } ExecRetry { Clean-WindowsUpdates -PurgeUpdates $purgeUpdates } $KeyPressPowershellProcess | Stop-Process if ($goldImage) { # Cleanup Remove-Item -Recurse -Force $resourcesDir Remove-Item -Force "$ENV:SystemDrive\Unattend.xml" shutdown -s -t 0 -f } $Host.UI.RawUI.WindowTitle = "Installing Cloudbase-Init..." $programFilesDir = $ENV:ProgramFiles $CloudbaseInitMsiPath = "$resourcesDir\CloudbaseInit.msi" $CloudbaseInitMsiLog = "$resourcesDir\CloudbaseInit.log" $serialPortName = @(Get-WmiObject Win32_SerialPort)[0].DeviceId $p = Start-Process -Wait -PassThru -FilePath msiexec -ArgumentList "/i $CloudbaseInitMsiPath /qn /l*v $CloudbaseInitMsiLog LOGGINGSERIALPORTNAME=$serialPortName" if ($p.ExitCode -ne 0) { throw "Installing $CloudbaseInitMsiPath failed. Log: $CloudbaseInitMsiLog" } $Host.UI.RawUI.WindowTitle = "Running SetSetupComplete..." & "$programFilesDir\Cloudbase Solutions\Cloudbase-Init\bin\SetSetupComplete.cmd" Run-Defragment Clean-UpdateResources Release-IP $Host.UI.RawUI.WindowTitle = "Running Sysprep..." $unattendedXmlPath = "$programFilesDir\Cloudbase Solutions\Cloudbase-Init\conf\Unattend.xml" Set-PersistDrivers -Path $unattendedXmlPath -Persist:$persistDrivers # Add-Content "$ProgramFilesDir\Cloudbase Solutions\Cloudbase-Init\conf\cloudbase-init.conf" "`nactivate_windows=true" if ($disableSwap) { ExecRetry { Disable-Swap } Set-UnattendEnableSwap -Path $unattendedXmlPath } Exit 0 & "$ENV:SystemRoot\System32\Sysprep\Sysprep.exe" `/generalize `/oobe `/shutdown `/unattend:"$unattendedXmlPath" } catch { $host.ui.WriteErrorLine($_.Exception.ToString()) $x = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown") throw } ScriptBlock ID: a821ff8a-ff2b-407a-a7db-d5fe4664eb81 Path: C:\UnattendResources\Logon.ps1	4104	1		3	2	15	0	66	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1860	2972	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/19/2018 8:55:04 AM	289cfce6-9103-0001-b3fd-9c280391d301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	65	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1860	2676	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/19/2018 8:55:03 AM	289cfce6-9103-0002-b5fd-9c280391d301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1860 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	64	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1860	3580	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/19/2018 8:55:02 AM	289cfce6-9103-0002-b5fd-9c280391d301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	63	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1860	2676	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/19/2018 8:55:02 AM	289cfce6-9103-0002-b5fd-9c280391d301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="AssemblyName"; value="System.Windows.Forms" Context: Severity = Informational Host Name = ConsoleHost Host Version = 5.1.14393.1944 Host ID = 995b7f6b-ae81-4871-be65-0f9f65a759a3 Host Application = C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} Engine Version = 5.1.14393.1944 Runspace ID = a4a0a07f-06ac-4a2d-86a2-f4c056fed0a8 Pipeline ID = 1 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 16 User = WIN-5T344G8GM1H\Administrator Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	62	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	660	1896	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/19/2018 8:51:16 AM	7c5c4ffb-9102-0003-3e51-5c7c0291d301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} ScriptBlock ID: a6578730-0e8f-43da-9220-26d4a2dddc02 Path:	4104	1		3	2	15	0	61	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	660	1896	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/19/2018 8:51:15 AM	7c5c4ffb-9102-0002-0651-5c7c0291d301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	60	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	660	664	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/19/2018 8:51:15 AM	7c5c4ffb-9102-0001-2951-5c7c0291d301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 660 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	59	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	660	1564	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/19/2018 8:51:14 AM	7c5c4ffb-9102-0001-2951-5c7c0291d301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	58	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	660	664	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/19/2018 8:51:14 AM	7c5c4ffb-9102-0001-2951-5c7c0291d301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.Text; using System.Runtime.InteropServices; namespace PSCloudbase { public sealed class Win32IniApi { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern uint GetPrivateProfileString( string lpAppName, string lpKeyName, string lpDefault, StringBuilder lpReturnedString, uint nSize, string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool WritePrivateProfileString( string lpAppName, string lpKeyName, StringBuilder lpString, // Don't use string, as Powershell replaces with an empty string string lpFileName); [DllImport("Kernel32.dll")] public static extern uint GetLastError(); } }" ParameterBinding(Add-Type): name="Language"; value="CSharp" Context: Severity = Informational Host Name = ConsoleHost Host Version = 5.1.14393.1944 Host ID = ea279757-10d2-4b3f-aea3-9bd56d8b557d Host Application = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 Engine Version = 5.1.14393.1944 Runspace ID = 4d6fad3d-f0b3-4bbe-8ad9-b26d9ec7292f Pipeline ID = 1 Command Name = Add-Type Command Type = Cmdlet Script Name = C:\UnattendResources\ini.psm1 Command Path = Sequence Number = 16 User = WIN-5T344G8GM1H\Administrator Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	57	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3972	2980	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/19/2018 8:51:13 AM	7c5c4ffb-9102-0002-ff50-5c7c0291d301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): <# Copyright 2014 Cloudbase Solutions Srl Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. #> $Source = @" using System; using System.Text; using System.Runtime.InteropServices; namespace PSCloudbase { public sealed class Win32IniApi { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern uint GetPrivateProfileString( string lpAppName, string lpKeyName, string lpDefault, StringBuilder lpReturnedString, uint nSize, string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool WritePrivateProfileString( string lpAppName, string lpKeyName, StringBuilder lpString, // Don't use string, as Powershell replaces $null with an empty string string lpFileName); [DllImport("Kernel32.dll")] public static extern uint GetLastError(); } } "@ Add-Type -TypeDefinition $Source -Language CSharp function Get-IniFileValue { [CmdletBinding()] param ( [parameter(Mandatory=$true, ValueFromPipeline=$true)] [string]$Key, [parameter()] [string]$Section = "DEFAULT", [parameter()] [string]$Default = $null, [parameter(Mandatory=$true)] [string]$Path, [parameter()] [switch]$AsBoolean ) process { $sb = New-Object -TypeName "System.Text.StringBuilder" -ArgumentList 1000 $retVal = [PSCloudbase.Win32IniApi]::GetPrivateProfileString($Section, $Key, $Default, $sb, $sb.Capacity, $Path) if (!$retVal) { $lastErr = [PSCloudbase.Win32IniApi]::GetLastError() if ($lastErr -ne 2) { throw "Cannot get value from ini file: " + [PSCloudbase.Win32IniApi]::GetLastError() } elseif (!(Test-Path $Path)) { throw "Ini file '$Path' does not exist" } } $value = $sb.ToString() if($AsBoolean) { return [System.Convert]::ToBoolean($value) } else { return $value } } } function Set-IniFileValue { [CmdletBinding()] param ( [parameter(Mandatory=$true, ValueFromPipeline=$true)] [string]$Key, [parameter()] [string]$Section = "DEFAULT", [parameter(Mandatory=$true)] [string]$Value, [parameter(Mandatory=$true)] [string]$Path ) process { $retVal = [PSCloudbase.Win32IniApi]::WritePrivateProfileString($Section, $Key, $Value, $Path) if (!$retVal -and [PSCloudbase.Win32IniApi]::GetLastError()) { throw "Cannot set value in ini file: " + [PSCloudbase.Win32IniApi]::GetLastError() } } } function Remove-IniFileValue { [CmdletBinding()] param ( [parameter(Mandatory=$true, ValueFromPipeline=$true)] [string]$Key, [parameter()] [string]$Section = "DEFAULT", [parameter(Mandatory=$true)] [string]$Path ) process { $retVal = [PSCloudbase.Win32IniApi]::WritePrivateProfileString($Section, $Key, $null, $Path) if (!$retVal -and [PSCloudbase.Win32IniApi]::GetLastError()) { throw "Cannot remove value from ini file: " + [PSCloudbase.Win32IniApi]::GetLastError() } } } Export-ModuleMember Get-IniFileValue, Set-IniFileValue, Remove-IniFileValue ScriptBlock ID: d9d50bd8-57ca-445b-ad69-3893243002f8 Path: C:\UnattendResources\ini.psm1	4104	1		3	2	15	0	56	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3972	2980	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/19/2018 8:51:12 AM	7c5c4ffb-9102-0002-fa50-5c7c0291d301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): $ErrorActionPreference = "Stop" $resourcesDir = "$ENV:SystemDrive\UnattendResources" $configIniPath = "$resourcesDir\config.ini" function Set-PersistDrivers { Param( [parameter(Mandatory=$true)] [string]$Path, [switch]$Persist=$true ) if (!(Test-Path $Path)){ return $false } try { $xml = [xml](Get-Content $Path) }catch{ Write-Error "Failed to load $Path" return $false } if (!$xml.unattend.settings){ return $false } foreach ($i in $xml.unattend.settings) { if ($i.pass -eq "generalize"){ $index = [array]::IndexOf($xml.unattend.settings, $i) if ($xml.unattend.settings[$index].component -and $xml.unattend.settings[$index].component.PersistAllDeviceInstalls -ne $Persist.ToString()){ $xml.unattend.settings[$index].component.PersistAllDeviceInstalls = $Persist.ToString() } } } $xml.Save($Path) } function Set-UnattendEnableSwap { Param( [parameter(Mandatory=$true)] [string]$Path ) if (!(Test-Path $Path)){ return $false } try { $xml = [xml](Get-Content $Path) } catch { Write-Error "Failed to load $Path" return $false } if (!$xml.unattend.settings){ return $false } foreach ($i in $xml.unattend.settings) { if ($i.pass -eq "specialize") { $index = [array]::IndexOf($xml.unattend.settings, $i) if ($xml.unattend.settings[$index].component.RunSynchronous.RunSynchronousCommand.Order) { $xml.unattend.settings[$index].component.RunSynchronous.RunSynchronousCommand.Order = "2" } [xml]$RunSynchronousCommandXml = @" <RunSynchronousCommand xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"> <Order>1</Order> <Path>"C:\Windows\System32\reg.exe" ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "PagingFiles" /d "?:\pagefile.sys" /f</Path> <Description>Set page file to be automatically managed by the system</Description> <WillReboot>Never</WillReboot> </RunSynchronousCommand> "@ $xml.unattend.settings[$index].component.RunSynchronous.AppendChild($xml.ImportNode($RunSynchronousCommandXml.RunSynchronousCommand, $true)) } } $xml.Save($Path) } function Clean-UpdateResources { $HOST.UI.RawUI.WindowTitle = "Running update resources cleanup" # We're done, disable AutoLogon Remove-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" -Name Unattend* Remove-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name AutoLogonCount # Cleanup if (Test-Path $resourcesDir) { Remove-Item -Recurse -Force $resourcesDir } if (Test-Path "$ENV:SystemDrive\Unattend.xml") { Remove-Item -Force "$ENV:SystemDrive\Unattend.xml" } } function Clean-WindowsUpdates { Param( $PurgeUpdates ) $HOST.UI.RawUI.WindowTitle = "Running Dism cleanup..." if (([System.Environment]::OSVersion.Version.Major -gt 6) -or ([System.Environment]::OSVersion.Version.Minor -ge 2)) { if (!$PurgeUpdates) { Dism.exe /Online /Cleanup-Image /StartComponentCleanup } else { Dism.exe /Online /Cleanup-Image /StartComponentCleanup /ResetBase } if ($LASTEXITCODE) { throw "Dism.exe clean failed" } } } function Run-Defragment { $HOST.UI.RawUI.WindowTitle = "Running Defrag..." #Defragmenting all drives at normal priority defrag.exe /C /H /V if ($LASTEXITCODE) { throw "Defrag.exe failed" } } function Release-IP { $HOST.UI.RawUI.WindowTitle = "Releasing IP..." ipconfig.exe /release if ($LASTEXITCODE) { throw "IPconfig release failed" } } function Install-WindowsUpdates { Import-Module "$resourcesDir\WindowsUpdates\WindowsUpdates" $BaseOSKernelVersion = [System.Environment]::OSVersion.Version $OSKernelVersion = ($BaseOSKernelVersion.Major.ToString() + "." + $BaseOSKernelVersion.Minor.ToString()) $KBIdsBlacklist = @{ "6.1" = @("KB3013538","KB2808679", "KB2894844", "KB3019978", "KB2984976"); "6.2" = @("KB3013538", "KB3042058", "KB3172729") "6.3" = @("KB3013538", "KB3042058", "KB3172729") } $excludedUpdates = $KBIdsBlacklist[$OSKernelVersion] $updates = ExecRetry { Get-WindowsUpdate -Verbose -ExcludeKBId $excludedUpdates } -maxRetryCount 30 -retryInterval 1 $maximumUpdates = 20 if (!$updates.Count) { $updates = [array]$updates } if ($updates) { $availableUpdatesNumber = $updates.Count Write-Host "Found $availableUpdatesNumber updates. Installing..." try { Install-WindowsUpdate -Updates $updates[0..$maximumUpdates] } finally { Restart-Computer -Force exit 0 } } } function ExecRetry($command, $maxRetryCount=4, $retryInterval=4) { $currErrorActionPreference = $ErrorActionPreference $ErrorActionPreference = "Continue" $retryCount = 0 while ($true) { try { $res = Invoke-Command -ScriptBlock $command $ErrorActionPreference = $currErrorActionPreference return $res } catch [System.Exception] { $retryCount++ if ($retryCount -ge $maxRetryCount) { $ErrorActionPreference = $currErrorActionPreference throw } else { if($_) { Write-Warning $_ } Start-Sleep $retryInterval } } } } function Disable-Swap { $computerSystem = Get-WmiObject Win32_ComputerSystem if ($computerSystem.AutomaticManagedPagefile) { $computerSystem.AutomaticManagedPagefile = $False $computerSystem.Put() } $pageFileSetting = Get-WmiObject Win32_PageFileSetting if ($pageFileSetting) { $pageFileSetting.Delete() } } function Skip-Rearm { #Note: On 2008R2 we need to make sure that the sysprep process will not reset the activation status. # We can set the registry key SkipRearm to 1 in order to stop this. Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\' -Name SkipRearm -Value '1' } function Activate-Windows { # Note(cgalan): On 2008R2 the initial product key activation fails # so we need to manually activate it using slmgr # slmgr /ipk $productKey # slmgr /skms kms-spla.ad.ware.fi #slmgr /ato } try { Import-Module "$resourcesDir\ini.psm1" $installUpdates = Get-IniFileValue -Path $configIniPath -Section "DEFAULT" -Key "InstallUpdates" -Default $false -AsBoolean $persistDrivers = Get-IniFileValue -Path $configIniPath -Section "DEFAULT" -Key "PersistDriverInstall" -Default $true -AsBoolean $purgeUpdates = Get-IniFileValue -Path $configIniPath -Section "DEFAULT" -Key "PurgeUpdates" -Default $false -AsBoolean $disableSwap = Get-IniFileValue -Path $configIniPath -Section "DEFAULT" -Key "DisableSwap" -Default $false -AsBoolean $goldImage = Get-IniFileValue -Path $configIniPath -Section "DEFAULT" -Key "GoldImage" -Default $false -AsBoolean $productKey = Get-IniFileValue -Path $configIniPath -Section "DEFAULT" -Key "ProductKey" -Default $null # Note(avladu): Force a key push on the powershell console for it not to freeze $KeyPressPowershellProcess = Start-Process -NoNewWindow -FilePath "powershell.exe" {Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}} -PassThru if ($productKey) { Activate-Windows Skip-Rearm } if($installUpdates) { Install-WindowsUpdates } ExecRetry { Clean-WindowsUpdates -PurgeUpdates $purgeUpdates } $KeyPressPowershellProcess | Stop-Process if ($goldImage) { # Cleanup Remove-Item -Recurse -Force $resourcesDir Remove-Item -Force "$ENV:SystemDrive\Unattend.xml" shutdown -s -t 0 -f } $Host.UI.RawUI.WindowTitle = "Installing Cloudbase-Init..." $programFilesDir = $ENV:ProgramFiles $CloudbaseInitMsiPath = "$resourcesDir\CloudbaseInit.msi" $CloudbaseInitMsiLog = "$resourcesDir\CloudbaseInit.log" $serialPortName = @(Get-WmiObject Win32_SerialPort)[0].DeviceId $p = Start-Process -Wait -PassThru -FilePath msiexec -ArgumentList "/i $CloudbaseInitMsiPath /qn /l*v $CloudbaseInitMsiLog LOGGINGSERIALPORTNAME=$serialPortName" if ($p.ExitCode -ne 0) { throw "Installing $CloudbaseInitMsiPath failed. Log: $CloudbaseInitMsiLog" } $Host.UI.RawUI.WindowTitle = "Running SetSetupComplete..." & "$programFilesDir\Cloudbase Solutions\Cloudbase-Init\bin\SetSetupComplete.cmd" Run-Defragment Clean-UpdateResources Release-IP $Host.UI.RawUI.WindowTitle = "Running Sysprep..." $unattendedXmlPath = "$programFilesDir\Cloudbase Solutions\Cloudbase-Init\conf\Unattend.xml" Set-PersistDrivers -Path $unattendedXmlPath -Persist:$persistDrivers # Add-Content "$ProgramFilesDir\Cloudbase Solutions\Cloudbase-Init\conf\cloudbase-init.conf" "`nactivate_windows=true" if ($disableSwap) { ExecRetry { Disable-Swap } Set-UnattendEnableSwap -Path $unattendedXmlPath } Exit 0 & "$ENV:SystemRoot\System32\Sysprep\Sysprep.exe" `/generalize `/oobe `/shutdown `/unattend:"$unattendedXmlPath" } catch { $host.ui.WriteErrorLine($_.Exception.ToString()) $x = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown") throw } ScriptBlock ID: 180a3afa-c928-4e42-804e-bf5d7ce374e0 Path: C:\UnattendResources\Logon.ps1	4104	1		3	2	15	0	55	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3972	2980	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/19/2018 8:51:12 AM	7c5c4ffb-9102-0003-2251-5c7c0291d301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	54	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3972	3976	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/19/2018 8:51:11 AM	7c5c4ffb-9102-0001-2451-5c7c0291d301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3972 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	53	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3972	4092	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/19/2018 8:51:10 AM	7c5c4ffb-9102-0001-2451-5c7c0291d301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	52	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3972	3976	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/19/2018 8:51:09 AM	7c5c4ffb-9102-0001-2451-5c7c0291d301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="AssemblyName"; value="System.Windows.Forms" Context: Severity = Informational Host Name = ConsoleHost Host Version = 5.1.14393.1944 Host ID = a3c4b136-8b92-4591-8d05-55b9cc36181c Host Application = C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} Engine Version = 5.1.14393.1944 Runspace ID = 27951a80-e512-49a7-b578-8a8c4c59ae5e Pipeline ID = 1 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 16 User = WIN-5T344G8GM1H\Administrator Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	51	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4168	4268	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/19/2018 8:24:16 AM	9a81cb05-910f-0000-3ecc-819a0f91d301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} ScriptBlock ID: fb30a6b6-2ca7-4eeb-8ef8-a6360e1a9d71 Path:	4104	1		3	2	15	0	50	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4168	4268	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/19/2018 8:24:15 AM	9a81cb05-910f-0001-65cc-819a0f91d301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	49	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4168	4172	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/19/2018 8:24:15 AM	9a81cb05-910f-0002-0fcc-819a0f91d301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4168 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	48	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4168	4264	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/19/2018 8:24:15 AM	9a81cb05-910f-0002-0fcc-819a0f91d301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	47	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4168	4172	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/19/2018 8:24:15 AM	9a81cb05-910f-0002-0fcc-819a0f91d301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.Text; using System.Runtime.InteropServices; namespace PSCloudbase { public sealed class Win32IniApi { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern uint GetPrivateProfileString( string lpAppName, string lpKeyName, string lpDefault, StringBuilder lpReturnedString, uint nSize, string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool WritePrivateProfileString( string lpAppName, string lpKeyName, StringBuilder lpString, // Don't use string, as Powershell replaces with an empty string string lpFileName); [DllImport("Kernel32.dll")] public static extern uint GetLastError(); } }" ParameterBinding(Add-Type): name="Language"; value="CSharp" Context: Severity = Informational Host Name = ConsoleHost Host Version = 5.1.14393.1944 Host ID = fb254b8e-13be-4f9e-988c-f1dc5bcf1c3e Host Application = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 Engine Version = 5.1.14393.1944 Runspace ID = c332c739-15b8-4812-b056-a474dd9993ce Pipeline ID = 1 Command Name = Add-Type Command Type = Cmdlet Script Name = C:\UnattendResources\ini.psm1 Command Path = Sequence Number = 16 User = WIN-5T344G8GM1H\Administrator Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	46	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2808	2916	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/19/2018 8:24:15 AM	9a81cb05-910f-0002-ffcb-819a0f91d301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): <# Copyright 2014 Cloudbase Solutions Srl Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. #> $Source = @" using System; using System.Text; using System.Runtime.InteropServices; namespace PSCloudbase { public sealed class Win32IniApi { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern uint GetPrivateProfileString( string lpAppName, string lpKeyName, string lpDefault, StringBuilder lpReturnedString, uint nSize, string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool WritePrivateProfileString( string lpAppName, string lpKeyName, StringBuilder lpString, // Don't use string, as Powershell replaces $null with an empty string string lpFileName); [DllImport("Kernel32.dll")] public static extern uint GetLastError(); } } "@ Add-Type -TypeDefinition $Source -Language CSharp function Get-IniFileValue { [CmdletBinding()] param ( [parameter(Mandatory=$true, ValueFromPipeline=$true)] [string]$Key, [parameter()] [string]$Section = "DEFAULT", [parameter()] [string]$Default = $null, [parameter(Mandatory=$true)] [string]$Path, [parameter()] [switch]$AsBoolean ) process { $sb = New-Object -TypeName "System.Text.StringBuilder" -ArgumentList 1000 $retVal = [PSCloudbase.Win32IniApi]::GetPrivateProfileString($Section, $Key, $Default, $sb, $sb.Capacity, $Path) if (!$retVal) { $lastErr = [PSCloudbase.Win32IniApi]::GetLastError() if ($lastErr -ne 2) { throw "Cannot get value from ini file: " + [PSCloudbase.Win32IniApi]::GetLastError() } elseif (!(Test-Path $Path)) { throw "Ini file '$Path' does not exist" } } $value = $sb.ToString() if($AsBoolean) { return [System.Convert]::ToBoolean($value) } else { return $value } } } function Set-IniFileValue { [CmdletBinding()] param ( [parameter(Mandatory=$true, ValueFromPipeline=$true)] [string]$Key, [parameter()] [string]$Section = "DEFAULT", [parameter(Mandatory=$true)] [string]$Value, [parameter(Mandatory=$true)] [string]$Path ) process { $retVal = [PSCloudbase.Win32IniApi]::WritePrivateProfileString($Section, $Key, $Value, $Path) if (!$retVal -and [PSCloudbase.Win32IniApi]::GetLastError()) { throw "Cannot set value in ini file: " + [PSCloudbase.Win32IniApi]::GetLastError() } } } function Remove-IniFileValue { [CmdletBinding()] param ( [parameter(Mandatory=$true, ValueFromPipeline=$true)] [string]$Key, [parameter()] [string]$Section = "DEFAULT", [parameter(Mandatory=$true)] [string]$Path ) process { $retVal = [PSCloudbase.Win32IniApi]::WritePrivateProfileString($Section, $Key, $null, $Path) if (!$retVal -and [PSCloudbase.Win32IniApi]::GetLastError()) { throw "Cannot remove value from ini file: " + [PSCloudbase.Win32IniApi]::GetLastError() } } } Export-ModuleMember Get-IniFileValue, Set-IniFileValue, Remove-IniFileValue ScriptBlock ID: 9800722a-4c89-4d79-b3b7-5f0c901eb014 Path: C:\UnattendResources\ini.psm1	4104	1		3	2	15	0	45	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2808	2916	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/19/2018 8:24:14 AM	9a81cb05-910f-0001-5acc-819a0f91d301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): $ErrorActionPreference = "Stop" $resourcesDir = "$ENV:SystemDrive\UnattendResources" $configIniPath = "$resourcesDir\config.ini" function Set-PersistDrivers { Param( [parameter(Mandatory=$true)] [string]$Path, [switch]$Persist=$true ) if (!(Test-Path $Path)){ return $false } try { $xml = [xml](Get-Content $Path) }catch{ Write-Error "Failed to load $Path" return $false } if (!$xml.unattend.settings){ return $false } foreach ($i in $xml.unattend.settings) { if ($i.pass -eq "generalize"){ $index = [array]::IndexOf($xml.unattend.settings, $i) if ($xml.unattend.settings[$index].component -and $xml.unattend.settings[$index].component.PersistAllDeviceInstalls -ne $Persist.ToString()){ $xml.unattend.settings[$index].component.PersistAllDeviceInstalls = $Persist.ToString() } } } $xml.Save($Path) } function Set-UnattendEnableSwap { Param( [parameter(Mandatory=$true)] [string]$Path ) if (!(Test-Path $Path)){ return $false } try { $xml = [xml](Get-Content $Path) } catch { Write-Error "Failed to load $Path" return $false } if (!$xml.unattend.settings){ return $false } foreach ($i in $xml.unattend.settings) { if ($i.pass -eq "specialize") { $index = [array]::IndexOf($xml.unattend.settings, $i) if ($xml.unattend.settings[$index].component.RunSynchronous.RunSynchronousCommand.Order) { $xml.unattend.settings[$index].component.RunSynchronous.RunSynchronousCommand.Order = "2" } [xml]$RunSynchronousCommandXml = @" <RunSynchronousCommand xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"> <Order>1</Order> <Path>"C:\Windows\System32\reg.exe" ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "PagingFiles" /d "?:\pagefile.sys" /f</Path> <Description>Set page file to be automatically managed by the system</Description> <WillReboot>Never</WillReboot> </RunSynchronousCommand> "@ $xml.unattend.settings[$index].component.RunSynchronous.AppendChild($xml.ImportNode($RunSynchronousCommandXml.RunSynchronousCommand, $true)) } } $xml.Save($Path) } function Clean-UpdateResources { $HOST.UI.RawUI.WindowTitle = "Running update resources cleanup" # We're done, disable AutoLogon Remove-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" -Name Unattend* Remove-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name AutoLogonCount # Cleanup if (Test-Path $resourcesDir) { Remove-Item -Recurse -Force $resourcesDir } if (Test-Path "$ENV:SystemDrive\Unattend.xml") { Remove-Item -Force "$ENV:SystemDrive\Unattend.xml" } } function Clean-WindowsUpdates { Param( $PurgeUpdates ) $HOST.UI.RawUI.WindowTitle = "Running Dism cleanup..." if (([System.Environment]::OSVersion.Version.Major -gt 6) -or ([System.Environment]::OSVersion.Version.Minor -ge 2)) { if (!$PurgeUpdates) { Dism.exe /Online /Cleanup-Image /StartComponentCleanup } else { Dism.exe /Online /Cleanup-Image /StartComponentCleanup /ResetBase } if ($LASTEXITCODE) { throw "Dism.exe clean failed" } } } function Run-Defragment { $HOST.UI.RawUI.WindowTitle = "Running Defrag..." #Defragmenting all drives at normal priority defrag.exe /C /H /V if ($LASTEXITCODE) { throw "Defrag.exe failed" } } function Release-IP { $HOST.UI.RawUI.WindowTitle = "Releasing IP..." ipconfig.exe /release if ($LASTEXITCODE) { throw "IPconfig release failed" } } function Install-WindowsUpdates { Import-Module "$resourcesDir\WindowsUpdates\WindowsUpdates" $BaseOSKernelVersion = [System.Environment]::OSVersion.Version $OSKernelVersion = ($BaseOSKernelVersion.Major.ToString() + "." + $BaseOSKernelVersion.Minor.ToString()) $KBIdsBlacklist = @{ "6.1" = @("KB3013538","KB2808679", "KB2894844", "KB3019978", "KB2984976"); "6.2" = @("KB3013538", "KB3042058", "KB3172729") "6.3" = @("KB3013538", "KB3042058", "KB3172729") } $excludedUpdates = $KBIdsBlacklist[$OSKernelVersion] $updates = ExecRetry { Get-WindowsUpdate -Verbose -ExcludeKBId $excludedUpdates } -maxRetryCount 30 -retryInterval 1 $maximumUpdates = 20 if (!$updates.Count) { $updates = [array]$updates } if ($updates) { $availableUpdatesNumber = $updates.Count Write-Host "Found $availableUpdatesNumber updates. Installing..." try { Install-WindowsUpdate -Updates $updates[0..$maximumUpdates] } finally { Restart-Computer -Force exit 0 } } } function ExecRetry($command, $maxRetryCount=4, $retryInterval=4) { $currErrorActionPreference = $ErrorActionPreference $ErrorActionPreference = "Continue" $retryCount = 0 while ($true) { try { $res = Invoke-Command -ScriptBlock $command $ErrorActionPreference = $currErrorActionPreference return $res } catch [System.Exception] { $retryCount++ if ($retryCount -ge $maxRetryCount) { $ErrorActionPreference = $currErrorActionPreference throw } else { if($_) { Write-Warning $_ } Start-Sleep $retryInterval } } } } function Disable-Swap { $computerSystem = Get-WmiObject Win32_ComputerSystem if ($computerSystem.AutomaticManagedPagefile) { $computerSystem.AutomaticManagedPagefile = $False $computerSystem.Put() } $pageFileSetting = Get-WmiObject Win32_PageFileSetting if ($pageFileSetting) { $pageFileSetting.Delete() } } function Skip-Rearm { #Note: On 2008R2 we need to make sure that the sysprep process will not reset the activation status. # We can set the registry key SkipRearm to 1 in order to stop this. Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\' -Name SkipRearm -Value '1' } function Activate-Windows { # Note(cgalan): On 2008R2 the initial product key activation fails # so we need to manually activate it using slmgr # slmgr /ipk $productKey # slmgr /skms kms-spla.ad.ware.fi #slmgr /ato } try { Import-Module "$resourcesDir\ini.psm1" $installUpdates = Get-IniFileValue -Path $configIniPath -Section "DEFAULT" -Key "InstallUpdates" -Default $false -AsBoolean $persistDrivers = Get-IniFileValue -Path $configIniPath -Section "DEFAULT" -Key "PersistDriverInstall" -Default $true -AsBoolean $purgeUpdates = Get-IniFileValue -Path $configIniPath -Section "DEFAULT" -Key "PurgeUpdates" -Default $false -AsBoolean $disableSwap = Get-IniFileValue -Path $configIniPath -Section "DEFAULT" -Key "DisableSwap" -Default $false -AsBoolean $goldImage = Get-IniFileValue -Path $configIniPath -Section "DEFAULT" -Key "GoldImage" -Default $false -AsBoolean $productKey = Get-IniFileValue -Path $configIniPath -Section "DEFAULT" -Key "ProductKey" -Default $null # Note(avladu): Force a key push on the powershell console for it not to freeze $KeyPressPowershellProcess = Start-Process -NoNewWindow -FilePath "powershell.exe" {Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}} -PassThru if ($productKey) { Activate-Windows Skip-Rearm } if($installUpdates) { Install-WindowsUpdates } ExecRetry { Clean-WindowsUpdates -PurgeUpdates $purgeUpdates } $KeyPressPowershellProcess | Stop-Process if ($goldImage) { # Cleanup Remove-Item -Recurse -Force $resourcesDir Remove-Item -Force "$ENV:SystemDrive\Unattend.xml" shutdown -s -t 0 -f } $Host.UI.RawUI.WindowTitle = "Installing Cloudbase-Init..." $programFilesDir = $ENV:ProgramFiles $CloudbaseInitMsiPath = "$resourcesDir\CloudbaseInit.msi" $CloudbaseInitMsiLog = "$resourcesDir\CloudbaseInit.log" $serialPortName = @(Get-WmiObject Win32_SerialPort)[0].DeviceId $p = Start-Process -Wait -PassThru -FilePath msiexec -ArgumentList "/i $CloudbaseInitMsiPath /qn /l*v $CloudbaseInitMsiLog LOGGINGSERIALPORTNAME=$serialPortName" if ($p.ExitCode -ne 0) { throw "Installing $CloudbaseInitMsiPath failed. Log: $CloudbaseInitMsiLog" } $Host.UI.RawUI.WindowTitle = "Running SetSetupComplete..." & "$programFilesDir\Cloudbase Solutions\Cloudbase-Init\bin\SetSetupComplete.cmd" Run-Defragment Clean-UpdateResources Release-IP $Host.UI.RawUI.WindowTitle = "Running Sysprep..." $unattendedXmlPath = "$programFilesDir\Cloudbase Solutions\Cloudbase-Init\conf\Unattend.xml" Set-PersistDrivers -Path $unattendedXmlPath -Persist:$persistDrivers # Add-Content "$ProgramFilesDir\Cloudbase Solutions\Cloudbase-Init\conf\cloudbase-init.conf" "`nactivate_windows=true" if ($disableSwap) { ExecRetry { Disable-Swap } Set-UnattendEnableSwap -Path $unattendedXmlPath } Exit 0 & "$ENV:SystemRoot\System32\Sysprep\Sysprep.exe" `/generalize `/oobe `/shutdown `/unattend:"$unattendedXmlPath" } catch { $host.ui.WriteErrorLine($_.Exception.ToString()) $x = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown") throw } ScriptBlock ID: c8a0a2f0-932d-437d-ab45-f4c1359a3519 Path: C:\UnattendResources\Logon.ps1	4104	1		3	2	15	0	44	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2808	2916	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/19/2018 8:24:14 AM	9a81cb05-910f-0003-fecb-819a0f91d301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	43	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2808	3840	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/19/2018 8:24:13 AM	9a81cb05-910f-0003-fccb-819a0f91d301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2808 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	42	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2808	3900	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/19/2018 8:24:13 AM	9a81cb05-910f-0003-fccb-819a0f91d301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	41	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2808	3840	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/19/2018 8:24:13 AM	9a81cb05-910f-0003-fccb-819a0f91d301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Error Message = Dism.exe clean failed Fully Qualified Error ID = Dism.exe clean failed Context: Severity = Warning Host Name = ConsoleHost Host Version = 5.1.14393.1944 Host ID = a50f47e2-8630-4973-8a45-00e6a9d807c9 Host Application = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 Engine Version = 5.1.14393.1944 Runspace ID = 0abd4cfa-d693-4f23-b0cc-b5ff1c872ac6 Pipeline ID = 1 Command Name = Command Type = Script Name = C:\UnattendResources\Logon.ps1 Command Path = Sequence Number = 17 User = WIN-5T344G8GM1H\Administrator Connected User = Shell ID = Microsoft.PowerShell User Data:	4100	1		3	106	19	0	40	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2464	2212	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/16/2018 6:34:26 PM	b65c0852-8ef4-0001-9e09-5cb6f48ed301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	To be used when an exception is raised	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="AssemblyName"; value="System.Windows.Forms" Context: Severity = Informational Host Name = ConsoleHost Host Version = 5.1.14393.1944 Host ID = 3b12ced5-170e-4ade-ada5-d47a03367310 Host Application = C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} Engine Version = 5.1.14393.1944 Runspace ID = 4d7d6ea6-001a-4f6f-8ec6-2fb1c9710a0b Pipeline ID = 1 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 16 User = WIN-5T344G8GM1H\Administrator Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	39	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3816	3948	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/16/2018 6:07:23 PM	b65c0852-8ef4-0003-6609-5cb6f48ed301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} ScriptBlock ID: 87998a44-6caa-4948-a177-56bfa64dbd19 Path:	4104	1		3	2	15	0	38	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3816	3948	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/16/2018 6:07:23 PM	b65c0852-8ef4-0002-f209-5cb6f48ed301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	37	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3816	3864	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/16/2018 6:07:22 PM	b65c0852-8ef4-0002-e709-5cb6f48ed301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3816 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	36	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3816	456	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/16/2018 6:07:21 PM	b65c0852-8ef4-0002-e709-5cb6f48ed301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	35	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3816	3864	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/16/2018 6:07:20 PM	b65c0852-8ef4-0002-e709-5cb6f48ed301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.Text; using System.Runtime.InteropServices; namespace PSCloudbase { public sealed class Win32IniApi { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern uint GetPrivateProfileString( string lpAppName, string lpKeyName, string lpDefault, StringBuilder lpReturnedString, uint nSize, string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool WritePrivateProfileString( string lpAppName, string lpKeyName, StringBuilder lpString, // Don't use string, as Powershell replaces with an empty string string lpFileName); [DllImport("Kernel32.dll")] public static extern uint GetLastError(); } }" ParameterBinding(Add-Type): name="Language"; value="CSharp" Context: Severity = Informational Host Name = ConsoleHost Host Version = 5.1.14393.1944 Host ID = a50f47e2-8630-4973-8a45-00e6a9d807c9 Host Application = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 Engine Version = 5.1.14393.1944 Runspace ID = 0abd4cfa-d693-4f23-b0cc-b5ff1c872ac6 Pipeline ID = 1 Command Name = Add-Type Command Type = Cmdlet Script Name = C:\UnattendResources\ini.psm1 Command Path = Sequence Number = 16 User = WIN-5T344G8GM1H\Administrator Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	34	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2464	2212	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/16/2018 6:07:20 PM	b65c0852-8ef4-0001-5f09-5cb6f48ed301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): <# Copyright 2014 Cloudbase Solutions Srl Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. #> $Source = @" using System; using System.Text; using System.Runtime.InteropServices; namespace PSCloudbase { public sealed class Win32IniApi { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern uint GetPrivateProfileString( string lpAppName, string lpKeyName, string lpDefault, StringBuilder lpReturnedString, uint nSize, string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool WritePrivateProfileString( string lpAppName, string lpKeyName, StringBuilder lpString, // Don't use string, as Powershell replaces $null with an empty string string lpFileName); [DllImport("Kernel32.dll")] public static extern uint GetLastError(); } } "@ Add-Type -TypeDefinition $Source -Language CSharp function Get-IniFileValue { [CmdletBinding()] param ( [parameter(Mandatory=$true, ValueFromPipeline=$true)] [string]$Key, [parameter()] [string]$Section = "DEFAULT", [parameter()] [string]$Default = $null, [parameter(Mandatory=$true)] [string]$Path, [parameter()] [switch]$AsBoolean ) process { $sb = New-Object -TypeName "System.Text.StringBuilder" -ArgumentList 1000 $retVal = [PSCloudbase.Win32IniApi]::GetPrivateProfileString($Section, $Key, $Default, $sb, $sb.Capacity, $Path) if (!$retVal) { $lastErr = [PSCloudbase.Win32IniApi]::GetLastError() if ($lastErr -ne 2) { throw "Cannot get value from ini file: " + [PSCloudbase.Win32IniApi]::GetLastError() } elseif (!(Test-Path $Path)) { throw "Ini file '$Path' does not exist" } } $value = $sb.ToString() if($AsBoolean) { return [System.Convert]::ToBoolean($value) } else { return $value } } } function Set-IniFileValue { [CmdletBinding()] param ( [parameter(Mandatory=$true, ValueFromPipeline=$true)] [string]$Key, [parameter()] [string]$Section = "DEFAULT", [parameter(Mandatory=$true)] [string]$Value, [parameter(Mandatory=$true)] [string]$Path ) process { $retVal = [PSCloudbase.Win32IniApi]::WritePrivateProfileString($Section, $Key, $Value, $Path) if (!$retVal -and [PSCloudbase.Win32IniApi]::GetLastError()) { throw "Cannot set value in ini file: " + [PSCloudbase.Win32IniApi]::GetLastError() } } } function Remove-IniFileValue { [CmdletBinding()] param ( [parameter(Mandatory=$true, ValueFromPipeline=$true)] [string]$Key, [parameter()] [string]$Section = "DEFAULT", [parameter(Mandatory=$true)] [string]$Path ) process { $retVal = [PSCloudbase.Win32IniApi]::WritePrivateProfileString($Section, $Key, $null, $Path) if (!$retVal -and [PSCloudbase.Win32IniApi]::GetLastError()) { throw "Cannot remove value from ini file: " + [PSCloudbase.Win32IniApi]::GetLastError() } } } Export-ModuleMember Get-IniFileValue, Set-IniFileValue, Remove-IniFileValue ScriptBlock ID: 9fc25d40-4507-4102-9890-f89b9bdb7e8a Path: C:\UnattendResources\ini.psm1	4104	1		3	2	15	0	33	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2464	2212	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/16/2018 6:07:19 PM	b65c0852-8ef4-0000-6809-5cb6f48ed301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): $ErrorActionPreference = "Stop" $resourcesDir = "$ENV:SystemDrive\UnattendResources" $configIniPath = "$resourcesDir\config.ini" function Set-PersistDrivers { Param( [parameter(Mandatory=$true)] [string]$Path, [switch]$Persist=$true ) if (!(Test-Path $Path)){ return $false } try { $xml = [xml](Get-Content $Path) }catch{ Write-Error "Failed to load $Path" return $false } if (!$xml.unattend.settings){ return $false } foreach ($i in $xml.unattend.settings) { if ($i.pass -eq "generalize"){ $index = [array]::IndexOf($xml.unattend.settings, $i) if ($xml.unattend.settings[$index].component -and $xml.unattend.settings[$index].component.PersistAllDeviceInstalls -ne $Persist.ToString()){ $xml.unattend.settings[$index].component.PersistAllDeviceInstalls = $Persist.ToString() } } } $xml.Save($Path) } function Set-UnattendEnableSwap { Param( [parameter(Mandatory=$true)] [string]$Path ) if (!(Test-Path $Path)){ return $false } try { $xml = [xml](Get-Content $Path) } catch { Write-Error "Failed to load $Path" return $false } if (!$xml.unattend.settings){ return $false } foreach ($i in $xml.unattend.settings) { if ($i.pass -eq "specialize") { $index = [array]::IndexOf($xml.unattend.settings, $i) if ($xml.unattend.settings[$index].component.RunSynchronous.RunSynchronousCommand.Order) { $xml.unattend.settings[$index].component.RunSynchronous.RunSynchronousCommand.Order = "2" } [xml]$RunSynchronousCommandXml = @" <RunSynchronousCommand xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"> <Order>1</Order> <Path>"C:\Windows\System32\reg.exe" ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "PagingFiles" /d "?:\pagefile.sys" /f</Path> <Description>Set page file to be automatically managed by the system</Description> <WillReboot>Never</WillReboot> </RunSynchronousCommand> "@ $xml.unattend.settings[$index].component.RunSynchronous.AppendChild($xml.ImportNode($RunSynchronousCommandXml.RunSynchronousCommand, $true)) } } $xml.Save($Path) } function Clean-UpdateResources { $HOST.UI.RawUI.WindowTitle = "Running update resources cleanup" # We're done, disable AutoLogon Remove-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" -Name Unattend* Remove-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name AutoLogonCount # Cleanup if (Test-Path $resourcesDir) { Remove-Item -Recurse -Force $resourcesDir } if (Test-Path "$ENV:SystemDrive\Unattend.xml") { Remove-Item -Force "$ENV:SystemDrive\Unattend.xml" } } function Clean-WindowsUpdates { Param( $PurgeUpdates ) $HOST.UI.RawUI.WindowTitle = "Running Dism cleanup..." if (([System.Environment]::OSVersion.Version.Major -gt 6) -or ([System.Environment]::OSVersion.Version.Minor -ge 2)) { if (!$PurgeUpdates) { Dism.exe /Online /Cleanup-Image /StartComponentCleanup } else { Dism.exe /Online /Cleanup-Image /StartComponentCleanup /ResetBase } if ($LASTEXITCODE) { throw "Dism.exe clean failed" } } } function Run-Defragment { $HOST.UI.RawUI.WindowTitle = "Running Defrag..." #Defragmenting all drives at normal priority defrag.exe /C /H /V if ($LASTEXITCODE) { throw "Defrag.exe failed" } } function Release-IP { $HOST.UI.RawUI.WindowTitle = "Releasing IP..." ipconfig.exe /release if ($LASTEXITCODE) { throw "IPconfig release failed" } } function Install-WindowsUpdates { Import-Module "$resourcesDir\WindowsUpdates\WindowsUpdates" $BaseOSKernelVersion = [System.Environment]::OSVersion.Version $OSKernelVersion = ($BaseOSKernelVersion.Major.ToString() + "." + $BaseOSKernelVersion.Minor.ToString()) $KBIdsBlacklist = @{ "6.1" = @("KB3013538","KB2808679", "KB2894844", "KB3019978", "KB2984976"); "6.2" = @("KB3013538", "KB3042058", "KB3172729") "6.3" = @("KB3013538", "KB3042058", "KB3172729") } $excludedUpdates = $KBIdsBlacklist[$OSKernelVersion] $updates = ExecRetry { Get-WindowsUpdate -Verbose -ExcludeKBId $excludedUpdates } -maxRetryCount 30 -retryInterval 1 $maximumUpdates = 20 if (!$updates.Count) { $updates = [array]$updates } if ($updates) { $availableUpdatesNumber = $updates.Count Write-Host "Found $availableUpdatesNumber updates. Installing..." try { Install-WindowsUpdate -Updates $updates[0..$maximumUpdates] } finally { Restart-Computer -Force exit 0 } } } function ExecRetry($command, $maxRetryCount=4, $retryInterval=4) { $currErrorActionPreference = $ErrorActionPreference $ErrorActionPreference = "Continue" $retryCount = 0 while ($true) { try { $res = Invoke-Command -ScriptBlock $command $ErrorActionPreference = $currErrorActionPreference return $res } catch [System.Exception] { $retryCount++ if ($retryCount -ge $maxRetryCount) { $ErrorActionPreference = $currErrorActionPreference throw } else { if($_) { Write-Warning $_ } Start-Sleep $retryInterval } } } } function Disable-Swap { $computerSystem = Get-WmiObject Win32_ComputerSystem if ($computerSystem.AutomaticManagedPagefile) { $computerSystem.AutomaticManagedPagefile = $False $computerSystem.Put() } $pageFileSetting = Get-WmiObject Win32_PageFileSetting if ($pageFileSetting) { $pageFileSetting.Delete() } } function Skip-Rearm { #Note: On 2008R2 we need to make sure that the sysprep process will not reset the activation status. # We can set the registry key SkipRearm to 1 in order to stop this. Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\' -Name SkipRearm -Value '1' } function Activate-Windows { # Note(cgalan): On 2008R2 the initial product key activation fails # so we need to manually activate it using slmgr # slmgr /ipk $productKey # slmgr /skms kms-spla.ad.ware.fi #slmgr /ato } try { Import-Module "$resourcesDir\ini.psm1" $installUpdates = Get-IniFileValue -Path $configIniPath -Section "DEFAULT" -Key "InstallUpdates" -Default $false -AsBoolean $persistDrivers = Get-IniFileValue -Path $configIniPath -Section "DEFAULT" -Key "PersistDriverInstall" -Default $true -AsBoolean $purgeUpdates = Get-IniFileValue -Path $configIniPath -Section "DEFAULT" -Key "PurgeUpdates" -Default $false -AsBoolean $disableSwap = Get-IniFileValue -Path $configIniPath -Section "DEFAULT" -Key "DisableSwap" -Default $false -AsBoolean $goldImage = Get-IniFileValue -Path $configIniPath -Section "DEFAULT" -Key "GoldImage" -Default $false -AsBoolean $productKey = Get-IniFileValue -Path $configIniPath -Section "DEFAULT" -Key "ProductKey" -Default $null # Note(avladu): Force a key push on the powershell console for it not to freeze $KeyPressPowershellProcess = Start-Process -NoNewWindow -FilePath "powershell.exe" {Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}} -PassThru if ($productKey) { Activate-Windows Skip-Rearm } if($installUpdates) { Install-WindowsUpdates } ExecRetry { Clean-WindowsUpdates -PurgeUpdates $purgeUpdates } $KeyPressPowershellProcess | Stop-Process if ($goldImage) { # Cleanup Remove-Item -Recurse -Force $resourcesDir Remove-Item -Force "$ENV:SystemDrive\Unattend.xml" shutdown -s -t 0 -f } $Host.UI.RawUI.WindowTitle = "Installing Cloudbase-Init..." $programFilesDir = $ENV:ProgramFiles $CloudbaseInitMsiPath = "$resourcesDir\CloudbaseInit.msi" $CloudbaseInitMsiLog = "$resourcesDir\CloudbaseInit.log" $serialPortName = @(Get-WmiObject Win32_SerialPort)[0].DeviceId $p = Start-Process -Wait -PassThru -FilePath msiexec -ArgumentList "/i $CloudbaseInitMsiPath /qn /l*v $CloudbaseInitMsiLog LOGGINGSERIALPORTNAME=$serialPortName" if ($p.ExitCode -ne 0) { throw "Installing $CloudbaseInitMsiPath failed. Log: $CloudbaseInitMsiLog" } $Host.UI.RawUI.WindowTitle = "Running SetSetupComplete..." & "$programFilesDir\Cloudbase Solutions\Cloudbase-Init\bin\SetSetupComplete.cmd" Run-Defragment Clean-UpdateResources Release-IP $Host.UI.RawUI.WindowTitle = "Running Sysprep..." $unattendedXmlPath = "$programFilesDir\Cloudbase Solutions\Cloudbase-Init\conf\Unattend.xml" Set-PersistDrivers -Path $unattendedXmlPath -Persist:$persistDrivers Add-Content "$ProgramFilesDir\Cloudbase Solutions\Cloudbase-Init\conf\cloudbase-init.conf" "`nactivate_windows=true" if ($disableSwap) { ExecRetry { Disable-Swap } Set-UnattendEnableSwap -Path $unattendedXmlPath } #Exit 0 & "$ENV:SystemRoot\System32\Sysprep\Sysprep.exe" `/generalize `/oobe `/shutdown `/unattend:"$unattendedXmlPath" } catch { $host.ui.WriteErrorLine($_.Exception.ToString()) $x = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown") throw } ScriptBlock ID: a2d85868-eb11-4974-a91f-a0d50ef01d92 Path: C:\UnattendResources\Logon.ps1	4104	1		3	2	15	0	32	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2464	2212	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/16/2018 6:07:19 PM	b65c0852-8ef4-0001-5d09-5cb6f48ed301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	31	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2464	1108	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/16/2018 6:07:17 PM	b65c0852-8ef4-0003-5709-5cb6f48ed301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2464 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	30	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2464	2508	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/16/2018 6:07:16 PM	b65c0852-8ef4-0003-5709-5cb6f48ed301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	29	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2464	1108	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/16/2018 6:07:16 PM	b65c0852-8ef4-0003-5709-5cb6f48ed301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="AssemblyName"; value="System.Windows.Forms" Context: Severity = Informational Host Name = ConsoleHost Host Version = 5.1.14393.1944 Host ID = 4c0ae675-b105-412a-be64-2005b0dcac13 Host Application = C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} Engine Version = 5.1.14393.1944 Runspace ID = 435f43b7-5ec6-41ea-9e53-9b93107b8d41 Pipeline ID = 1 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 16 User = WIN-5T344G8GM1H\Administrator Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	28	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	624	4128	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/16/2018 5:43:30 PM	53b2b737-8ef1-0002-c9b8-b253f18ed301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} ScriptBlock ID: 5ef8efd5-47dd-4339-a5eb-f54065910777 Path:	4104	1		3	2	15	0	27	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	624	4128	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/16/2018 5:43:29 PM	53b2b737-8ef1-0003-afb9-b253f18ed301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	26	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	624	3452	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/16/2018 5:43:29 PM	53b2b737-8ef1-0000-25b9-b253f18ed301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 624 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	25	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	624	628	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/16/2018 5:43:27 PM	53b2b737-8ef1-0000-25b9-b253f18ed301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	24	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	624	3452	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/16/2018 5:43:27 PM	53b2b737-8ef1-0000-25b9-b253f18ed301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.Text; using System.Runtime.InteropServices; namespace PSCloudbase { public sealed class Win32IniApi { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern uint GetPrivateProfileString( string lpAppName, string lpKeyName, string lpDefault, StringBuilder lpReturnedString, uint nSize, string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool WritePrivateProfileString( string lpAppName, string lpKeyName, StringBuilder lpString, // Don't use string, as Powershell replaces with an empty string string lpFileName); [DllImport("Kernel32.dll")] public static extern uint GetLastError(); } }" ParameterBinding(Add-Type): name="Language"; value="CSharp" Context: Severity = Informational Host Name = ConsoleHost Host Version = 5.1.14393.1944 Host ID = b2985717-76be-43ef-9b0a-41db65a781f6 Host Application = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 Engine Version = 5.1.14393.1944 Runspace ID = 21324846-87d1-4add-8e96-8b8ecf3baec5 Pipeline ID = 1 Command Name = Add-Type Command Type = Cmdlet Script Name = C:\UnattendResources\ini.psm1 Command Path = Sequence Number = 16 User = WIN-5T344G8GM1H\Administrator Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	23	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2140	3320	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/16/2018 5:43:26 PM	53b2b737-8ef1-0003-93b9-b253f18ed301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): <# Copyright 2014 Cloudbase Solutions Srl Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. #> $Source = @" using System; using System.Text; using System.Runtime.InteropServices; namespace PSCloudbase { public sealed class Win32IniApi { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern uint GetPrivateProfileString( string lpAppName, string lpKeyName, string lpDefault, StringBuilder lpReturnedString, uint nSize, string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool WritePrivateProfileString( string lpAppName, string lpKeyName, StringBuilder lpString, // Don't use string, as Powershell replaces $null with an empty string string lpFileName); [DllImport("Kernel32.dll")] public static extern uint GetLastError(); } } "@ Add-Type -TypeDefinition $Source -Language CSharp function Get-IniFileValue { [CmdletBinding()] param ( [parameter(Mandatory=$true, ValueFromPipeline=$true)] [string]$Key, [parameter()] [string]$Section = "DEFAULT", [parameter()] [string]$Default = $null, [parameter(Mandatory=$true)] [string]$Path, [parameter()] [switch]$AsBoolean ) process { $sb = New-Object -TypeName "System.Text.StringBuilder" -ArgumentList 1000 $retVal = [PSCloudbase.Win32IniApi]::GetPrivateProfileString($Section, $Key, $Default, $sb, $sb.Capacity, $Path) if (!$retVal) { $lastErr = [PSCloudbase.Win32IniApi]::GetLastError() if ($lastErr -ne 2) { throw "Cannot get value from ini file: " + [PSCloudbase.Win32IniApi]::GetLastError() } elseif (!(Test-Path $Path)) { throw "Ini file '$Path' does not exist" } } $value = $sb.ToString() if($AsBoolean) { return [System.Convert]::ToBoolean($value) } else { return $value } } } function Set-IniFileValue { [CmdletBinding()] param ( [parameter(Mandatory=$true, ValueFromPipeline=$true)] [string]$Key, [parameter()] [string]$Section = "DEFAULT", [parameter(Mandatory=$true)] [string]$Value, [parameter(Mandatory=$true)] [string]$Path ) process { $retVal = [PSCloudbase.Win32IniApi]::WritePrivateProfileString($Section, $Key, $Value, $Path) if (!$retVal -and [PSCloudbase.Win32IniApi]::GetLastError()) { throw "Cannot set value in ini file: " + [PSCloudbase.Win32IniApi]::GetLastError() } } } function Remove-IniFileValue { [CmdletBinding()] param ( [parameter(Mandatory=$true, ValueFromPipeline=$true)] [string]$Key, [parameter()] [string]$Section = "DEFAULT", [parameter(Mandatory=$true)] [string]$Path ) process { $retVal = [PSCloudbase.Win32IniApi]::WritePrivateProfileString($Section, $Key, $null, $Path) if (!$retVal -and [PSCloudbase.Win32IniApi]::GetLastError()) { throw "Cannot remove value from ini file: " + [PSCloudbase.Win32IniApi]::GetLastError() } } } Export-ModuleMember Get-IniFileValue, Set-IniFileValue, Remove-IniFileValue ScriptBlock ID: b9078b41-e742-4f71-b30a-fe98b3304f11 Path: C:\UnattendResources\ini.psm1	4104	1		3	2	15	0	22	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2140	3320	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/16/2018 5:43:25 PM	53b2b737-8ef1-0003-92b9-b253f18ed301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): $ErrorActionPreference = "Stop" $resourcesDir = "$ENV:SystemDrive\UnattendResources" $configIniPath = "$resourcesDir\config.ini" function Set-PersistDrivers { Param( [parameter(Mandatory=$true)] [string]$Path, [switch]$Persist=$true ) if (!(Test-Path $Path)){ return $false } try { $xml = [xml](Get-Content $Path) }catch{ Write-Error "Failed to load $Path" return $false } if (!$xml.unattend.settings){ return $false } foreach ($i in $xml.unattend.settings) { if ($i.pass -eq "generalize"){ $index = [array]::IndexOf($xml.unattend.settings, $i) if ($xml.unattend.settings[$index].component -and $xml.unattend.settings[$index].component.PersistAllDeviceInstalls -ne $Persist.ToString()){ $xml.unattend.settings[$index].component.PersistAllDeviceInstalls = $Persist.ToString() } } } $xml.Save($Path) } function Set-UnattendEnableSwap { Param( [parameter(Mandatory=$true)] [string]$Path ) if (!(Test-Path $Path)){ return $false } try { $xml = [xml](Get-Content $Path) } catch { Write-Error "Failed to load $Path" return $false } if (!$xml.unattend.settings){ return $false } foreach ($i in $xml.unattend.settings) { if ($i.pass -eq "specialize") { $index = [array]::IndexOf($xml.unattend.settings, $i) if ($xml.unattend.settings[$index].component.RunSynchronous.RunSynchronousCommand.Order) { $xml.unattend.settings[$index].component.RunSynchronous.RunSynchronousCommand.Order = "2" } [xml]$RunSynchronousCommandXml = @" <RunSynchronousCommand xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"> <Order>1</Order> <Path>"C:\Windows\System32\reg.exe" ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "PagingFiles" /d "?:\pagefile.sys" /f</Path> <Description>Set page file to be automatically managed by the system</Description> <WillReboot>Never</WillReboot> </RunSynchronousCommand> "@ $xml.unattend.settings[$index].component.RunSynchronous.AppendChild($xml.ImportNode($RunSynchronousCommandXml.RunSynchronousCommand, $true)) } } $xml.Save($Path) } function Clean-UpdateResources { $HOST.UI.RawUI.WindowTitle = "Running update resources cleanup" # We're done, disable AutoLogon Remove-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" -Name Unattend* Remove-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name AutoLogonCount # Cleanup if (Test-Path $resourcesDir) { Remove-Item -Recurse -Force $resourcesDir } if (Test-Path "$ENV:SystemDrive\Unattend.xml") { Remove-Item -Force "$ENV:SystemDrive\Unattend.xml" } } function Clean-WindowsUpdates { Param( $PurgeUpdates ) $HOST.UI.RawUI.WindowTitle = "Running Dism cleanup..." if (([System.Environment]::OSVersion.Version.Major -gt 6) -or ([System.Environment]::OSVersion.Version.Minor -ge 2)) { if (!$PurgeUpdates) { Dism.exe /Online /Cleanup-Image /StartComponentCleanup } else { Dism.exe /Online /Cleanup-Image /StartComponentCleanup /ResetBase } if ($LASTEXITCODE) { throw "Dism.exe clean failed" } } } function Run-Defragment { $HOST.UI.RawUI.WindowTitle = "Running Defrag..." #Defragmenting all drives at normal priority defrag.exe /C /H /V if ($LASTEXITCODE) { throw "Defrag.exe failed" } } function Release-IP { $HOST.UI.RawUI.WindowTitle = "Releasing IP..." ipconfig.exe /release if ($LASTEXITCODE) { throw "IPconfig release failed" } } function Install-WindowsUpdates { Import-Module "$resourcesDir\WindowsUpdates\WindowsUpdates" $BaseOSKernelVersion = [System.Environment]::OSVersion.Version $OSKernelVersion = ($BaseOSKernelVersion.Major.ToString() + "." + $BaseOSKernelVersion.Minor.ToString()) $KBIdsBlacklist = @{ "6.1" = @("KB3013538","KB2808679", "KB2894844", "KB3019978", "KB2984976"); "6.2" = @("KB3013538", "KB3042058", "KB3172729") "6.3" = @("KB3013538", "KB3042058", "KB3172729") } $excludedUpdates = $KBIdsBlacklist[$OSKernelVersion] $updates = ExecRetry { Get-WindowsUpdate -Verbose -ExcludeKBId $excludedUpdates } -maxRetryCount 30 -retryInterval 1 $maximumUpdates = 20 if (!$updates.Count) { $updates = [array]$updates } if ($updates) { $availableUpdatesNumber = $updates.Count Write-Host "Found $availableUpdatesNumber updates. Installing..." try { Install-WindowsUpdate -Updates $updates[0..$maximumUpdates] } finally { Restart-Computer -Force exit 0 } } } function ExecRetry($command, $maxRetryCount=4, $retryInterval=4) { $currErrorActionPreference = $ErrorActionPreference $ErrorActionPreference = "Continue" $retryCount = 0 while ($true) { try { $res = Invoke-Command -ScriptBlock $command $ErrorActionPreference = $currErrorActionPreference return $res } catch [System.Exception] { $retryCount++ if ($retryCount -ge $maxRetryCount) { $ErrorActionPreference = $currErrorActionPreference throw } else { if($_) { Write-Warning $_ } Start-Sleep $retryInterval } } } } function Disable-Swap { $computerSystem = Get-WmiObject Win32_ComputerSystem if ($computerSystem.AutomaticManagedPagefile) { $computerSystem.AutomaticManagedPagefile = $False $computerSystem.Put() } $pageFileSetting = Get-WmiObject Win32_PageFileSetting if ($pageFileSetting) { $pageFileSetting.Delete() } } function Skip-Rearm { #Note: On 2008R2 we need to make sure that the sysprep process will not reset the activation status. # We can set the registry key SkipRearm to 1 in order to stop this. Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\' -Name SkipRearm -Value '1' } function Activate-Windows { # Note(cgalan): On 2008R2 the initial product key activation fails # so we need to manually activate it using slmgr # slmgr /ipk $productKey # slmgr /skms kms-spla.ad.ware.fi #slmgr /ato } try { Import-Module "$resourcesDir\ini.psm1" $installUpdates = Get-IniFileValue -Path $configIniPath -Section "DEFAULT" -Key "InstallUpdates" -Default $false -AsBoolean $persistDrivers = Get-IniFileValue -Path $configIniPath -Section "DEFAULT" -Key "PersistDriverInstall" -Default $true -AsBoolean $purgeUpdates = Get-IniFileValue -Path $configIniPath -Section "DEFAULT" -Key "PurgeUpdates" -Default $false -AsBoolean $disableSwap = Get-IniFileValue -Path $configIniPath -Section "DEFAULT" -Key "DisableSwap" -Default $false -AsBoolean $goldImage = Get-IniFileValue -Path $configIniPath -Section "DEFAULT" -Key "GoldImage" -Default $false -AsBoolean $productKey = Get-IniFileValue -Path $configIniPath -Section "DEFAULT" -Key "ProductKey" -Default $null # Note(avladu): Force a key push on the powershell console for it not to freeze $KeyPressPowershellProcess = Start-Process -NoNewWindow -FilePath "powershell.exe" {Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}} -PassThru if ($productKey) { Activate-Windows Skip-Rearm } if($installUpdates) { Install-WindowsUpdates } ExecRetry { Clean-WindowsUpdates -PurgeUpdates $purgeUpdates } $KeyPressPowershellProcess | Stop-Process if ($goldImage) { # Cleanup Remove-Item -Recurse -Force $resourcesDir Remove-Item -Force "$ENV:SystemDrive\Unattend.xml" shutdown -s -t 0 -f } $Host.UI.RawUI.WindowTitle = "Installing Cloudbase-Init..." $programFilesDir = $ENV:ProgramFiles $CloudbaseInitMsiPath = "$resourcesDir\CloudbaseInit.msi" $CloudbaseInitMsiLog = "$resourcesDir\CloudbaseInit.log" $serialPortName = @(Get-WmiObject Win32_SerialPort)[0].DeviceId $p = Start-Process -Wait -PassThru -FilePath msiexec -ArgumentList "/i $CloudbaseInitMsiPath /qn /l*v $CloudbaseInitMsiLog LOGGINGSERIALPORTNAME=$serialPortName" if ($p.ExitCode -ne 0) { throw "Installing $CloudbaseInitMsiPath failed. Log: $CloudbaseInitMsiLog" } $Host.UI.RawUI.WindowTitle = "Running SetSetupComplete..." & "$programFilesDir\Cloudbase Solutions\Cloudbase-Init\bin\SetSetupComplete.cmd" Run-Defragment Clean-UpdateResources Release-IP $Host.UI.RawUI.WindowTitle = "Running Sysprep..." $unattendedXmlPath = "$programFilesDir\Cloudbase Solutions\Cloudbase-Init\conf\Unattend.xml" Set-PersistDrivers -Path $unattendedXmlPath -Persist:$persistDrivers Add-Content "$ProgramFilesDir\Cloudbase Solutions\Cloudbase-Init\conf\cloudbase-init.conf" "`nactivate_windows=true" if ($disableSwap) { ExecRetry { Disable-Swap } Set-UnattendEnableSwap -Path $unattendedXmlPath } #Exit 0 & "$ENV:SystemRoot\System32\Sysprep\Sysprep.exe" `/generalize `/oobe `/shutdown `/unattend:"$unattendedXmlPath" } catch { $host.ui.WriteErrorLine($_.Exception.ToString()) $x = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown") throw } ScriptBlock ID: afce7f1d-87ca-4a04-91da-b4d3abe107a7 Path: C:\UnattendResources\Logon.ps1	4104	1		3	2	15	0	21	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2140	3320	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/16/2018 5:43:25 PM	53b2b737-8ef1-0003-91b9-b253f18ed301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	20	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2140	2648	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/16/2018 5:43:24 PM	53b2b737-8ef1-0003-89b9-b253f18ed301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2140 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	19	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2140	3572	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/16/2018 5:43:22 PM	53b2b737-8ef1-0003-89b9-b253f18ed301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	18	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2140	2648	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/16/2018 5:43:22 PM	53b2b737-8ef1-0003-89b9-b253f18ed301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="AssemblyName"; value="System.Windows.Forms" Context: Severity = Informational Host Name = ConsoleHost Host Version = 5.1.14393.0 Host ID = db882125-c9ba-4a77-b198-18055547ec63 Host Application = C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} Engine Version = 5.1.14393.0 Runspace ID = e01d735e-b2d6-4538-b5bc-96db397d918b Pipeline ID = 1 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 16 User = WIN-5T344G8GM1H\Administrator Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	17	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5648	5728	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/16/2018 5:02:31 PM	a4626349-8ea8-0000-376c-62a4a88ed301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;} ScriptBlock ID: b8cb258e-ebce-49c9-909e-5fd533aebd6b Path:	4104	1		3	2	15	0	16	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5648	5728	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/16/2018 5:02:31 PM	a4626349-8ea8-0000-356c-62a4a88ed301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	15	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5648	5652	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/16/2018 5:02:31 PM	a4626349-8ea8-0002-676d-62a4a88ed301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 5648 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	14	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5648	5724	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/16/2018 5:02:31 PM	a4626349-8ea8-0002-676d-62a4a88ed301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	13	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5648	5652	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/16/2018 5:02:31 PM	a4626349-8ea8-0002-676d-62a4a88ed301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using System; using System.Text; using System.Runtime.InteropServices; namespace PSCloudbase { public sealed class Win32IniApi { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern uint GetPrivateProfileString( string lpAppName, string lpKeyName, string lpDefault, StringBuilder lpReturnedString, uint nSize, string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool WritePrivateProfileString( string lpAppName, string lpKeyName, StringBuilder lpString, // Don't use string, as Powershell replaces with an empty string string lpFileName); [DllImport("Kernel32.dll")] public static extern uint GetLastError(); } }" ParameterBinding(Add-Type): name="Language"; value="CSharp" Context: Severity = Informational Host Name = ConsoleHost Host Version = 5.1.14393.0 Host ID = c8f34489-4e8b-4b9c-84c9-71725a4cc1f0 Host Application = C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1 Engine Version = 5.1.14393.0 Runspace ID = 9f172a18-8cea-4b39-aef6-cb820c01f9d3 Pipeline ID = 1 Command Name = Add-Type Command Type = Cmdlet Script Name = C:\UnattendResources\ini.psm1 Command Path = Sequence Number = 16 User = WIN-5T344G8GM1H\Administrator Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	12	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5464	5588	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/16/2018 5:02:31 PM	a4626349-8ea8-0000-086c-62a4a88ed301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): <# Copyright 2014 Cloudbase Solutions Srl Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. #> $Source = @" using System; using System.Text; using System.Runtime.InteropServices; namespace PSCloudbase { public sealed class Win32IniApi { [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] public static extern uint GetPrivateProfileString( string lpAppName, string lpKeyName, string lpDefault, StringBuilder lpReturnedString, uint nSize, string lpFileName); [DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool WritePrivateProfileString( string lpAppName, string lpKeyName, StringBuilder lpString, // Don't use string, as Powershell replaces $null with an empty string string lpFileName); [DllImport("Kernel32.dll")] public static extern uint GetLastError(); } } "@ Add-Type -TypeDefinition $Source -Language CSharp function Get-IniFileValue { [CmdletBinding()] param ( [parameter(Mandatory=$true, ValueFromPipeline=$true)] [string]$Key, [parameter()] [string]$Section = "DEFAULT", [parameter()] [string]$Default = $null, [parameter(Mandatory=$true)] [string]$Path, [parameter()] [switch]$AsBoolean ) process { $sb = New-Object -TypeName "System.Text.StringBuilder" -ArgumentList 1000 $retVal = [PSCloudbase.Win32IniApi]::GetPrivateProfileString($Section, $Key, $Default, $sb, $sb.Capacity, $Path) if (!$retVal) { $lastErr = [PSCloudbase.Win32IniApi]::GetLastError() if ($lastErr -ne 2) { throw "Cannot get value from ini file: " + [PSCloudbase.Win32IniApi]::GetLastError() } elseif (!(Test-Path $Path)) { throw "Ini file '$Path' does not exist" } } $value = $sb.ToString() if($AsBoolean) { return [System.Convert]::ToBoolean($value) } else { return $value } } } function Set-IniFileValue { [CmdletBinding()] param ( [parameter(Mandatory=$true, ValueFromPipeline=$true)] [string]$Key, [parameter()] [string]$Section = "DEFAULT", [parameter(Mandatory=$true)] [string]$Value, [parameter(Mandatory=$true)] [string]$Path ) process { $retVal = [PSCloudbase.Win32IniApi]::WritePrivateProfileString($Section, $Key, $Value, $Path) if (!$retVal -and [PSCloudbase.Win32IniApi]::GetLastError()) { throw "Cannot set value in ini file: " + [PSCloudbase.Win32IniApi]::GetLastError() } } } function Remove-IniFileValue { [CmdletBinding()] param ( [parameter(Mandatory=$true, ValueFromPipeline=$true)] [string]$Key, [parameter()] [string]$Section = "DEFAULT", [parameter(Mandatory=$true)] [string]$Path ) process { $retVal = [PSCloudbase.Win32IniApi]::WritePrivateProfileString($Section, $Key, $null, $Path) if (!$retVal -and [PSCloudbase.Win32IniApi]::GetLastError()) { throw "Cannot remove value from ini file: " + [PSCloudbase.Win32IniApi]::GetLastError() } } } Export-ModuleMember Get-IniFileValue, Set-IniFileValue, Remove-IniFileValue ScriptBlock ID: 2aeeb9c1-7f01-47fd-9e4c-7077f88df210 Path: C:\UnattendResources\ini.psm1	4104	1		3	2	15	0	11	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5464	5588	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/16/2018 5:02:30 PM	a4626349-8ea8-0000-046c-62a4a88ed301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): $ErrorActionPreference = "Stop" $resourcesDir = "$ENV:SystemDrive\UnattendResources" $configIniPath = "$resourcesDir\config.ini" function Set-PersistDrivers { Param( [parameter(Mandatory=$true)] [string]$Path, [switch]$Persist=$true ) if (!(Test-Path $Path)){ return $false } try { $xml = [xml](Get-Content $Path) }catch{ Write-Error "Failed to load $Path" return $false } if (!$xml.unattend.settings){ return $false } foreach ($i in $xml.unattend.settings) { if ($i.pass -eq "generalize"){ $index = [array]::IndexOf($xml.unattend.settings, $i) if ($xml.unattend.settings[$index].component -and $xml.unattend.settings[$index].component.PersistAllDeviceInstalls -ne $Persist.ToString()){ $xml.unattend.settings[$index].component.PersistAllDeviceInstalls = $Persist.ToString() } } } $xml.Save($Path) } function Set-UnattendEnableSwap { Param( [parameter(Mandatory=$true)] [string]$Path ) if (!(Test-Path $Path)){ return $false } try { $xml = [xml](Get-Content $Path) } catch { Write-Error "Failed to load $Path" return $false } if (!$xml.unattend.settings){ return $false } foreach ($i in $xml.unattend.settings) { if ($i.pass -eq "specialize") { $index = [array]::IndexOf($xml.unattend.settings, $i) if ($xml.unattend.settings[$index].component.RunSynchronous.RunSynchronousCommand.Order) { $xml.unattend.settings[$index].component.RunSynchronous.RunSynchronousCommand.Order = "2" } [xml]$RunSynchronousCommandXml = @" <RunSynchronousCommand xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"> <Order>1</Order> <Path>"C:\Windows\System32\reg.exe" ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "PagingFiles" /d "?:\pagefile.sys" /f</Path> <Description>Set page file to be automatically managed by the system</Description> <WillReboot>Never</WillReboot> </RunSynchronousCommand> "@ $xml.unattend.settings[$index].component.RunSynchronous.AppendChild($xml.ImportNode($RunSynchronousCommandXml.RunSynchronousCommand, $true)) } } $xml.Save($Path) } function Clean-UpdateResources { $HOST.UI.RawUI.WindowTitle = "Running update resources cleanup" # We're done, disable AutoLogon Remove-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" -Name Unattend* Remove-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name AutoLogonCount # Cleanup if (Test-Path $resourcesDir) { Remove-Item -Recurse -Force $resourcesDir } if (Test-Path "$ENV:SystemDrive\Unattend.xml") { Remove-Item -Force "$ENV:SystemDrive\Unattend.xml" } } function Clean-WindowsUpdates { Param( $PurgeUpdates ) $HOST.UI.RawUI.WindowTitle = "Running Dism cleanup..." if (([System.Environment]::OSVersion.Version.Major -gt 6) -or ([System.Environment]::OSVersion.Version.Minor -ge 2)) { if (!$PurgeUpdates) { Dism.exe /Online /Cleanup-Image /StartComponentCleanup } else { Dism.exe /Online /Cleanup-Image /StartComponentCleanup /ResetBase } if ($LASTEXITCODE) { throw "Dism.exe clean failed" } } } function Run-Defragment { $HOST.UI.RawUI.WindowTitle = "Running Defrag..." #Defragmenting all drives at normal priority defrag.exe /C /H /V if ($LASTEXITCODE) { throw "Defrag.exe failed" } } function Release-IP { $HOST.UI.RawUI.WindowTitle = "Releasing IP..." ipconfig.exe /release if ($LASTEXITCODE) { throw "IPconfig release failed" } } function Install-WindowsUpdates { Import-Module "$resourcesDir\WindowsUpdates\WindowsUpdates" $BaseOSKernelVersion = [System.Environment]::OSVersion.Version $OSKernelVersion = ($BaseOSKernelVersion.Major.ToString() + "." + $BaseOSKernelVersion.Minor.ToString()) $KBIdsBlacklist = @{ "6.1" = @("KB3013538","KB2808679", "KB2894844", "KB3019978", "KB2984976"); "6.2" = @("KB3013538", "KB3042058", "KB3172729") "6.3" = @("KB3013538", "KB3042058", "KB3172729") } $excludedUpdates = $KBIdsBlacklist[$OSKernelVersion] $updates = ExecRetry { Get-WindowsUpdate -Verbose -ExcludeKBId $excludedUpdates } -maxRetryCount 30 -retryInterval 1 $maximumUpdates = 20 if (!$updates.Count) { $updates = [array]$updates } if ($updates) { $availableUpdatesNumber = $updates.Count Write-Host "Found $availableUpdatesNumber updates. Installing..." try { Install-WindowsUpdate -Updates $updates[0..$maximumUpdates] } finally { Restart-Computer -Force exit 0 } } } function ExecRetry($command, $maxRetryCount=4, $retryInterval=4) { $currErrorActionPreference = $ErrorActionPreference $ErrorActionPreference = "Continue" $retryCount = 0 while ($true) { try { $res = Invoke-Command -ScriptBlock $command $ErrorActionPreference = $currErrorActionPreference return $res } catch [System.Exception] { $retryCount++ if ($retryCount -ge $maxRetryCount) { $ErrorActionPreference = $currErrorActionPreference throw } else { if($_) { Write-Warning $_ } Start-Sleep $retryInterval } } } } function Disable-Swap { $computerSystem = Get-WmiObject Win32_ComputerSystem if ($computerSystem.AutomaticManagedPagefile) { $computerSystem.AutomaticManagedPagefile = $False $computerSystem.Put() } $pageFileSetting = Get-WmiObject Win32_PageFileSetting if ($pageFileSetting) { $pageFileSetting.Delete() } } function Skip-Rearm { #Note: On 2008R2 we need to make sure that the sysprep process will not reset the activation status. # We can set the registry key SkipRearm to 1 in order to stop this. Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\' -Name SkipRearm -Value '1' } function Activate-Windows { # Note(cgalan): On 2008R2 the initial product key activation fails # so we need to manually activate it using slmgr # slmgr /ipk $productKey # slmgr /skms kms-spla.ad.ware.fi #slmgr /ato } try { Import-Module "$resourcesDir\ini.psm1" $installUpdates = Get-IniFileValue -Path $configIniPath -Section "DEFAULT" -Key "InstallUpdates" -Default $false -AsBoolean $persistDrivers = Get-IniFileValue -Path $configIniPath -Section "DEFAULT" -Key "PersistDriverInstall" -Default $true -AsBoolean $purgeUpdates = Get-IniFileValue -Path $configIniPath -Section "DEFAULT" -Key "PurgeUpdates" -Default $false -AsBoolean $disableSwap = Get-IniFileValue -Path $configIniPath -Section "DEFAULT" -Key "DisableSwap" -Default $false -AsBoolean $goldImage = Get-IniFileValue -Path $configIniPath -Section "DEFAULT" -Key "GoldImage" -Default $false -AsBoolean $productKey = Get-IniFileValue -Path $configIniPath -Section "DEFAULT" -Key "ProductKey" -Default $null # Note(avladu): Force a key push on the powershell console for it not to freeze $KeyPressPowershellProcess = Start-Process -NoNewWindow -FilePath "powershell.exe" {Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}} -PassThru if ($productKey) { Activate-Windows Skip-Rearm } if($installUpdates) { Install-WindowsUpdates } ExecRetry { Clean-WindowsUpdates -PurgeUpdates $purgeUpdates } $KeyPressPowershellProcess | Stop-Process if ($goldImage) { # Cleanup Remove-Item -Recurse -Force $resourcesDir Remove-Item -Force "$ENV:SystemDrive\Unattend.xml" shutdown -s -t 0 -f } $Host.UI.RawUI.WindowTitle = "Installing Cloudbase-Init..." $programFilesDir = $ENV:ProgramFiles $CloudbaseInitMsiPath = "$resourcesDir\CloudbaseInit.msi" $CloudbaseInitMsiLog = "$resourcesDir\CloudbaseInit.log" $serialPortName = @(Get-WmiObject Win32_SerialPort)[0].DeviceId $p = Start-Process -Wait -PassThru -FilePath msiexec -ArgumentList "/i $CloudbaseInitMsiPath /qn /l*v $CloudbaseInitMsiLog LOGGINGSERIALPORTNAME=$serialPortName" if ($p.ExitCode -ne 0) { throw "Installing $CloudbaseInitMsiPath failed. Log: $CloudbaseInitMsiLog" } $Host.UI.RawUI.WindowTitle = "Running SetSetupComplete..." & "$programFilesDir\Cloudbase Solutions\Cloudbase-Init\bin\SetSetupComplete.cmd" Run-Defragment Clean-UpdateResources Release-IP $Host.UI.RawUI.WindowTitle = "Running Sysprep..." $unattendedXmlPath = "$programFilesDir\Cloudbase Solutions\Cloudbase-Init\conf\Unattend.xml" Set-PersistDrivers -Path $unattendedXmlPath -Persist:$persistDrivers Add-Content "$ProgramFilesDir\Cloudbase Solutions\Cloudbase-Init\conf\cloudbase-init.conf" "`nactivate_windows=true" if ($disableSwap) { ExecRetry { Disable-Swap } Set-UnattendEnableSwap -Path $unattendedXmlPath } #Exit 0 & "$ENV:SystemRoot\System32\Sysprep\Sysprep.exe" `/generalize `/oobe `/shutdown `/unattend:"$unattendedXmlPath" } catch { $host.ui.WriteErrorLine($_.Exception.ToString()) $x = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown") throw } ScriptBlock ID: 8d4075a3-b34d-4a7b-946b-7e9102d6ae4c Path: C:\UnattendResources\Logon.ps1	4104	1		3	2	15	0	10	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5464	5588	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/16/2018 5:02:30 PM	a4626349-8ea8-0000-036c-62a4a88ed301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	9	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5464	5468	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/16/2018 5:02:30 PM	a4626349-8ea8-0002-656d-62a4a88ed301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 5464 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	8	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5464	5584	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/16/2018 5:02:30 PM	a4626349-8ea8-0002-656d-62a4a88ed301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	7	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5464	5468	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/16/2018 5:02:30 PM	a4626349-8ea8-0002-656d-62a4a88ed301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	6	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3528	3536	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/16/2018 5:02:16 PM	a4626349-8ea8-0002-d966-62a4a88ed301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3528 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	5	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3528	3552	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/16/2018 5:02:15 PM	a4626349-8ea8-0002-d966-62a4a88ed301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	4	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3528	3536	WIN-5T344G8GM1H	S-1-5-21-416071247-492812682-1642729393-500	1/16/2018 5:02:14 PM	a4626349-8ea8-0002-d966-62a4a88ed301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	3	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1924	1944	WIN-PD8DQPRRTAO	S-1-5-18	1/16/2018 5:01:36 PM	60e27e42-8f3f-0000-2180-e2603f8fd301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1924 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	2	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1924	2224	WIN-PD8DQPRRTAO	S-1-5-18	1/16/2018 5:01:35 PM	60e27e42-8f3f-0000-2180-e2603f8fd301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1924	1944	WIN-PD8DQPRRTAO	S-1-5-18	1/16/2018 5:01:35 PM	60e27e42-8f3f-0000-2180-e2603f8fd301		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]