Auto Shutdown

Detection Script

# Detection: report whether the scheduled task is registered.
# Exit code 0 = task found, 1 = task missing; a one-line status goes to standard output.
#
# NOTE(review): only the task *name* is checked. A task with this name but a
# different action, principal or trigger is still reported as present, so drift
# or tampering with the task definition is not detected here.
$taskName = "AutoShutdown7pm"

# Only the exit status of the query is used, so its output and errors are discarded.
schtasks.exe /Query /TN $taskName > $null 2>&1
$taskMissing = ($LASTEXITCODE -ne 0)

if ($taskMissing) {
    Write-Output "Scheduled task '$taskName' does NOT exist."
    exit 1
}

Write-Output "Scheduled task '$taskName' exists."
exit 0

Remediation Script

# Location of the task-definition XML used later in the script.
$xmlPath = "C:\ProgramData\AutoShutdown7pm.xml"

# Work out the trigger's StartBoundary: the next 19:00 (local clock, as returned
# by Get-Date) that does not fall on a Saturday or Sunday.
try {
    $currentTime = Get-Date
    Write-Output "Current time: $($currentTime.ToString('yyyy-MM-dd HH:mm:ss'))"

    # Start from today's 19:00; if that moment is not still ahead, use tomorrow's.
    $startTime = $currentTime.Date.AddHours(19)
    if (-not ($currentTime -lt $startTime)) {
        $startTime = $startTime.AddDays(1)
    }

    # Roll forward one day at a time until the date is a weekday.
    $weekendDays = @('Saturday','Sunday')
    while ($startTime.DayOfWeek -in $weekendDays) {
        $startTime = $startTime.AddDays(1)
    }

    # Timestamp without a UTC offset, in the form the task XML expects.
    $startBoundary = $startTime.ToString("yyyy-MM-dd'T'HH:mm:ss")
    Write-Output "Final startBoundary: $startBoundary"
}
catch {
    Write-Output "Error during scheduling: $_"
    exit 1
}

# Scheduled Task definition (Task Scheduler XML, schema version 1.2).
#
# Single-quoted here-string: nothing inside is expanded by PowerShell, so the
# literal text {startBoundary} survives as a placeholder that the script fills
# in afterwards.
#
# What the definition asks for:
#   - Trigger:   weekly calendar trigger, Monday through Friday, every week,
#                starting at {startBoundary}.
#   - Principal: S-1-5-18 (LocalSystem) with RunLevel HighestAvailable.
#   - Action:    shutdown.exe /s /f /t 0 - shut down, force running
#                applications to close, zero-second timeout (no grace period).
#   - Settings:  StartWhenAvailable and WakeToRun are both false; the task may
#                also be started on demand (AllowStartOnDemand is true).
#
# NOTE(review): <Command> is the bare name "shutdown.exe" and the task runs as
# LocalSystem. A fully qualified path to the system binary would remove any
# dependence on how the name is resolved at run time - confirm and consider
# pinning it.
$xmlTemplate = @'
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo>
    <Version>1.0.0.0</Version>
  </RegistrationInfo>
  <Triggers>
    <CalendarTrigger>
      <StartBoundary>{startBoundary}</StartBoundary>
      <Enabled>true</Enabled>
      <ScheduleByWeek>
        <DaysOfWeek>
          <Monday />
          <Tuesday />
          <Wednesday />
          <Thursday />
          <Friday />
        </DaysOfWeek>
        <WeeksInterval>1</WeeksInterval>
      </ScheduleByWeek>
    </CalendarTrigger>
  </Triggers>
  <Principals>
    <Principal id="Author">
      <UserId>S-1-5-18</UserId>
      <RunLevel>HighestAvailable</RunLevel>
    </Principal>
  </Principals>
  <Settings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>
    <AllowHardTerminate>true</AllowHardTerminate>
    <StartWhenAvailable>false</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <IdleSettings>
      <StopOnIdleEnd>false</StopOnIdleEnd>
      <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>false</Hidden>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
    <Priority>7</Priority>
  </Settings>
  <Actions Context="Author">
    <Exec>
      <Command>shutdown.exe</Command>
      <Arguments>/s /f /t 0</Arguments>
    </Exec>
  </Actions>
</Task>
'@

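# Fill in the trigger start time, save the XML, and register the scheduled task.
#
# Reads:  $xmlTemplate (task XML containing a {startBoundary} placeholder),
#         $startBoundary (timestamp string), $xmlPath (where the XML is saved).
# Exits:  0 when the task was registered, 1 on any failure.
#
# Changes from the earlier write / re-read / schtasks.exe sequence:
#   - The task is registered from the in-memory XML, not from the file. With
#     default permissions a non-admin user can create files directly under
#     C:\ProgramData and keeps write access to files they created, so a file at
#     a fixed name there is not a trustworthy input for defining a task that
#     runs as LocalSystem.
#   - Registration failure is actually detected. Start-Process -Wait does not
#     raise an error when schtasks.exe exits non-zero, so success used to be
#     reported unconditionally.
#   - The placeholder is replaced with String.Replace (literal text) instead of
#     the regex-based -replace operator.
$taskName = "AutoShutdown7pm"

try {
    if ([string]::IsNullOrEmpty($startBoundary)) {
        throw "startBoundary is empty"
    }

    $xmlContent = $xmlTemplate.Replace('{startBoundary}', $startBoundary)

    # Guard against a template whose placeholder was renamed or removed.
    if (-not $xmlContent.Contains("<StartBoundary>$startBoundary</StartBoundary>")) {
        throw "placeholder {startBoundary} was not found in the template"
    }

    Write-Output "Successfully updated XML with startBoundary"
} catch {
    Write-Output "Failed to update XML: $_"
    exit 1
}

try {
    # Kept so anything that expects the file still finds it; it is a record only
    # and is never read back by this script.
    # -ErrorAction Stop turns a write failure into a terminating error so the
    # catch block runs.
    Set-Content -Path $xmlPath -Value $xmlContent -Encoding Unicode -ErrorAction Stop
    Write-Output "Successfully created base XML: $xmlPath"
} catch {
    Write-Output "Failed to create base XML: $_"
    exit 1
}

try {
    # -Force replaces an existing task of the same name (as /F did for schtasks.exe).
    Register-ScheduledTask -TaskName $taskName -Xml $xmlContent -Force -ErrorAction Stop | Out-Null
    Write-Output "Successfully created Scheduled Task: $taskName"
    exit 0
} catch {
    Write-Output "Failed to create Scheduled Task: $_"
    exit 1
}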