From acf251da2f664651d650d40263516110428500ec Mon Sep 17 00:00:00 2001
From: Niko Ehrenfeuchter <nikolaus.ehrenfeuchter@unibas.ch>
Date: Tue, 13 Mar 2018 23:46:56 +0100
Subject: [PATCH] Check group membership when updating the service binaries
Report if the service account is not a member of the local group
"Performance Monitor Users" when the service binaries are being updated.
Refers to #40
---
Updater/Update-Service.ps1 | 32 ++++++++++++++++++++++++++++++++
1 file changed, 32 insertions(+)
diff --git a/Updater/Update-Service.ps1 b/Updater/Update-Service.ps1
index 636c6ca..b83ee5a 100644
--- a/Updater/Update-Service.ps1
+++ b/Updater/Update-Service.ps1
@@ -54,6 +54,37 @@ function ServiceIsBusy {
}
+function Get-ServiceAccount([string]$ServiceName) {
+ try {
+ $Account = $(Get-WmiObject Win32_Service |
+ Where-Object { $_.Name -match $ServiceName }).StartName
+ }
+ catch {
+ Log-Error "Error detecting service account: $($_.Exception.Message)"
+ }
+ Write-Verbose "Service account: [$($Account)]"
+ Return $Account
+}
+
+
+function Check-PerformanceMonitormembership() {
+ $GroupName = "Performance Monitor Users"
+ Write-Verbose "Checking if service account is in group [$($GroupName)]..."
+
+ $PMGroup = Get-LocalGroup -Name $GroupName
+ $ServiceAccount = Get-ServiceAccount $ServiceName
+ try {
+ Get-LocalGroupMember -Group $PMGroup -Member $ServiceAccount | Out-Null
+ Write-Verbose "Validated membership in group [$($GroupName)]."
+ }
+ catch {
+ Log-Warning $("Service account [$($ServiceAccount)] is NOT a member of"
+ "the local group [$($GroupName)], monitoring CPU load"
+ " >>>> WILL NOT WORK! <<<<")
+ }
+}
+
+
function Stop-TrayApp() {
try {
Stop-Process -Name "ATxTray" -Force -ErrorAction Stop
@@ -674,6 +705,7 @@ try {
Send-MailReport -Subject "updated failed!" -Body $msg
Exit
}
+ Check-PerformanceMonitormembership
}
$UpdSummary = "Updated $($UpdItems -join " and ")."
--
GitLab