Detection Script
$taskName = "AutoShutdown7pm"
schtasks.exe /Query /TN $taskName > $null 2>&1
if ($LASTEXITCODE -eq 0) {
Write-Output "Scheduled task '$taskName' exists."
exit 0
} else {
Write-Output "Scheduled task '$taskName' does NOT exist."
exit 1
}Remediation Script
$xmlPath = "C:\ProgramData\AutoShutdown7pm.xml"
try {
$now = Get-Date
Write-Output "Current time: $($now.ToString('yyyy-MM-dd HH:mm:ss'))"
$today19 = $now.Date.AddHours(19)
if ($now -lt $today19) {
$startTime = $today19
} else {
$startTime = $today19.AddDays(1)
}
while ($startTime.DayOfWeek -in @('Saturday','Sunday')) {
$startTime = $startTime.AddDays(1)
}
$startBoundary = $startTime.ToString("yyyy-MM-dd'T'HH:mm:ss")
Write-Output "Final startBoundary: $startBoundary"
}
catch {
Write-Output "Error during scheduling: $_"
exit 1
}
#define Scheduled Task XML
$xmlTemplate = @'
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo>
<Version>1.0.0.0</Version>
</RegistrationInfo>
<Triggers>
<CalendarTrigger>
<StartBoundary>{startBoundary}</StartBoundary>
<Enabled>true</Enabled>
<ScheduleByWeek>
<DaysOfWeek>
<Monday />
<Tuesday />
<Wednesday />
<Thursday />
<Friday />
</DaysOfWeek>
<WeeksInterval>1</WeeksInterval>
</ScheduleByWeek>
</CalendarTrigger>
</Triggers>
<Principals>
<Principal id="Author">
<UserId>S-1-5-18</UserId>
<RunLevel>HighestAvailable</RunLevel>
</Principal>
</Principals>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<StopOnIdleEnd>false</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>shutdown.exe</Command>
<Arguments>/s /f /t 0</Arguments>
</Exec>
</Actions>
</Task>
'@
try {
Set-Content -Path $xmlPath -Value $xmlTemplate -Encoding Unicode
Write-Output "Successfully created base XML: $xmlPath"
} catch {
Write-Output "Failed to create base XML: $_"
exit 1
}
try {
$xmlContent = Get-Content -Path $xmlPath -Raw
$xmlContent = $xmlContent -replace '{startBoundary}', $startBoundary
Set-Content -Path $xmlPath -Value $xmlContent -Encoding Unicode
Write-Output "Successfully updated XML with startBoundary"
} catch {
Write-Output "Failed to update XML: $_"
exit 1
}
try {
$taskName = "AutoShutdown7pm"
Start-Process -FilePath "schtasks.exe" -ArgumentList "/Create /XML $xmlPath /tn $taskName /F" -Wait -WindowStyle Hidden
Write-Host "Successfully created Scheduled Task: $taskName"
exit 0
} catch {
Write-Host "Failed to create Scheduled Task: $_"
exit 1
}