From e44c7a74f4c3bb6879b21638a0fbad40e3277f99 Mon Sep 17 00:00:00 2001
From: silversword411
Date: Thu, 22 Aug 2024 08:18:14 -0400
Subject: [PATCH] add WIP: TRMM agent installer and lock/unlock scripts. Thx CBG_ITSUP
---
.../Win_TRMM_Agent_Installer_and_Locker.ps1 | 81 +++++++++++++++++++
scripts_wip/Win_TRMM_Agent_Locker.ps1 | 37 +++++++++
scripts_wip/Win_TRMM_Agent_unLocker.ps1 | 59 ++++++++++++++
3 files changed, 177 insertions(+)
create mode 100644 scripts_wip/Win_TRMM_Agent_Installer_and_Locker.ps1
create mode 100644 scripts_wip/Win_TRMM_Agent_Locker.ps1
create mode 100644 scripts_wip/Win_TRMM_Agent_unLocker.ps1
diff --git a/scripts_wip/Win_TRMM_Agent_Installer_and_Locker.ps1 b/scripts_wip/Win_TRMM_Agent_Installer_and_Locker.ps1
new file mode 100644
index 0000000..d6cb2f7
--- /dev/null
+++ b/scripts_wip/Win_TRMM_Agent_Installer_and_Locker.ps1
@@ -0,0 +1,81 @@
+<#
+.SYNOPSIS
+ Script to install and configure the Tactical RMM (TRMM) Agent.
+
+.DESCRIPTION
+ This script performs several tasks to install and secure the Tactical RMM (TRMM) Agent on a Windows machine.
+ It includes setting up necessary prerequisites, installing the TRMM agent, configuring Windows Defender exclusions,
+ locking down services, and preventing access to specific folders.
+
+.PARAMETER RMMurl
+ The deployment URL to download the Tactical RMM Agent installer.
+
+.EXAMPLE
+ $RMMurl = "https://example.com/path/to/agent.exe"
+ # (Run the script with the specified URL)
+ # This will download and install the TRMM agent, configure exclusions, lock services, and secure folders.
+
+.NOTES
+ v1.0 8/22/2024 CBG_ITSUP Initial version
+#>
+
+###############################################
+###### Prerequisites ####
+###############################################
+
+[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12
+
+$RMMurl = "Insert RMM agent URL here"
+
+$Path = Test-Path -Path "C:\Program Files\TacticalAgent\tacticalrmm.exe"
+
+###############################################
+############ Install TRMM Agent ########
+###############################################
+
+If ($Path -eq $false) {
+
+ Add-MpPreference -ExclusionPath "C:\ProgramData"
+
+ Invoke-WebRequest $RMMurl -OutFile "C:\ProgramData\trmm-agent.exe"
+
+ Start-Process -Wait "C:\ProgramData\trmm-agent.exe" -ArgumentList '-silent'
+
+ Remove-MpPreference -ExclusionPath "C:\ProgramData"
+
+ Remove-Item "C:\ProgramData\trmm-agent.exe" -Force
+
+}
+###############################################
+### Exclude TRMM paths in Windows Defender ####
+###############################################
+
+Add-MpPreference -ExclusionPath "C:\Program Files\Mesh Agent\*"
+Add-MpPreference -ExclusionPath "C:\Program Files\TacticalAgent\*"
+Add-MpPreference -ExclusionPath "C:\ProgramData\TacticalRMM\*"
+
+###############################################
+#### Lock Down Services ####
+###############################################
+
+Start-Process -FilePath "$env:comspec" -ArgumentList "/c sc config tacticalrmm start=auto"
+
+Start-Process -FilePath "$env:comspec" -ArgumentList "/c sc start tacticalrmm"
+
+Start-Process -FilePath "$env:comspec" -ArgumentList "/c sc.exe sdset tacticalrmm D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCDCLCSWLOCRRC;;;BA)(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
+
+Start-Process -FilePath "$env:comspec" -ArgumentList '/c sc config "Mesh Agent" start=auto'
+
+Start-Process -FilePath "$env:comspec" -ArgumentList '/c sc start "Mesh Agent"'
+
+Start-Process -FilePath "$env:comspec" -ArgumentList '/c sc.exe sdset "Mesh Agent" D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCDCLCSWLOCRRC;;;BA)(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)'
+
+###############################################
+##### Prevent access to TRMM folders ###
+###############################################
+
+Invoke-Expression -Command:"icacls ""C:\Program Files\TacticalAgent"" /T /setowner system"
+Invoke-Expression -Command:"icacls ""C:\Program Files\TacticalAgent\unins000.exe"" /inheritance:d /grant System:F /deny Administrators:F"
+Invoke-Expression -Command:"icacls ""C:\Program Files\TacticalAgent"" /T /inheritance:d /grant System:F /deny Administrators:F"
+
+Exit 0
\ No newline at end of file
diff --git a/scripts_wip/Win_TRMM_Agent_Locker.ps1 b/scripts_wip/Win_TRMM_Agent_Locker.ps1
new file mode 100644
index 0000000..04fef69
--- /dev/null
+++ b/scripts_wip/Win_TRMM_Agent_Locker.ps1
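Review bot: The installer fetched at `Invoke-WebRequest $RMMurl -OutFile "C:\ProgramData\trmm-agent.exe"` is executed with no integrity check, and because the default error action is Continue a failed download (including the unedited placeholder `$RMMurl`) still falls through to the lockdown steps and `Exit 0`; setting `$ErrorActionPreference = 'Stop'` at the top and checking the file before `Start-Process`, e.g. `if ((Get-FileHash "C:\ProgramData\trmm-agent.exe").Hash -ne $ExpectedSha256) { throw 'installer hash mismatch' }` with `$ExpectedSha256` supplied per agent release, keeps the temporary Defender exclusion on `C:\ProgramData` from ever covering an unverified binary. The `.PARAMETER RMMurl` help describes a parameter the script never declares; a `param([Parameter(Mandatory)][string]$RMMurl)` block would match the help and remove the hard-coded placeholder. In the Lock Down Services section every `Start-Process -FilePath "$env:comspec"` call returns immediately, so `sc config`, `sc start` and `sc.exe sdset` run concurrently and no exit code is ever inspected (sc.exe has traditionally required a space in `start= auto`, which would fail silently here — worth verifying on the target OS); adding `-Wait -NoNewWindow -PassThru` and testing `.ExitCode`, or invoking `sc.exe` directly, makes the sequence deterministic and observable. The Administrators ACE in both `sdset` descriptors, `(A;;CCDCLCSWLOCRRC;;;BA)`, withholds start/stop but still grants DC (SERVICE_CHANGE_CONFIG), so a local admin can change the start type or binary path; the same descriptor and the same unwaited `Start-Process` calls appear in Win_TRMM_Agent_Locker.ps1.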
@@ -0,0 +1,37 @@
+<#
+.SYNOPSIS
+ Lock down services and prevent access to TRMM folders.
+
+.DESCRIPTION
+ This script configures and starts the "tacticalrmm" and "Mesh Agent" services, setting security descriptors to enforce security. Additionally, it restricts access to the TacticalAgent directory and its executable to prevent unauthorized access.
+
+.NOTES
+ v1.0 8/22/2024 CBG_ITSUP Initial version
+#>
+
+
+###############################################
+#### Lock Down Services ####
+###############################################
+
+Start-Process -FilePath "$env:comspec" -ArgumentList "/c sc config tacticalrmm start=auto"
+
+Start-Process -FilePath "$env:comspec" -ArgumentList "/c sc start tacticalrmm"
+
+Start-Process -FilePath "$env:comspec" -ArgumentList "/c sc.exe sdset tacticalrmm D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCDCLCSWLOCRRC;;;BA)(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
+
+Start-Process -FilePath "$env:comspec" -ArgumentList '/c sc config "Mesh Agent" start=auto'
+
+Start-Process -FilePath "$env:comspec" -ArgumentList '/c sc start "Mesh Agent"'
+
+Start-Process -FilePath "$env:comspec" -ArgumentList '/c sc.exe sdset "Mesh Agent" D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCDCLCSWLOCRRC;;;BA)(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)'
+
+###############################################
+##### Prevent access to TRMM folders ###
+###############################################
+
+Invoke-Expression -Command:"icacls ""C:\Program Files\TacticalAgent"" /T /setowner system"
+Invoke-Expression -Command:"icacls ""C:\Program Files\TacticalAgent\unins000.exe"" /inheritance:d /grant System:F /deny Administrators:F"
+Invoke-Expression -Command:"icacls ""C:\Program Files\TacticalAgent"" /T /inheritance:d /grant System:F /deny Administrators:F"
+
+Exit 0
\ No newline at end of file
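Review bot: `Invoke-Expression -Command:"icacls ""C:\Program Files\TacticalAgent"" /T /setowner system"` builds a command string only to have PowerShell re-parse it; since every argument is fixed, calling the binary directly, `& icacls.exe "C:\Program Files\TacticalAgent" /T /setowner system`, is clearer and removes the doubled-quote escaping, and the same three lines appear in the Prevent access section of Win_TRMM_Agent_Installer_and_Locker.ps1. The `/deny Administrators:F` ACEs stop routine access, but a member of Administrators still holds SeTakeOwnershipPrivilege and can regain control of the folder (or reset the service descriptors with the same kind of script), so the .DESCRIPTION's "prevent unauthorized access" should be qualified with a comment such as `# Hardening against casual or accidental tampering by local admins; not a security boundary against a determined administrator.` None of the icacls exit codes are checked, so the script reports `Exit 0` even when an ACL change failed; testing `$LASTEXITCODE` after each call (`if ($LASTEXITCODE -ne 0) { Exit $LASTEXITCODE }`) would surface that to the RMM.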
diff --git a/scripts_wip/Win_TRMM_Agent_unLocker.ps1 b/scripts_wip/Win_TRMM_Agent_unLocker.ps1
new file mode 100644
index 0000000..eb12761
--- /dev/null
+++ b/scripts_wip/Win_TRMM_Agent_unLocker.ps1
@@ -0,0 +1,59 @@
+<#
+.SYNOPSIS
+ Unlock TacticalRMM Agent and optionally remove it.
+
+.DESCRIPTION
+ This script unlocks the TacticalRMM Agent by modifying folder permissions and resetting service security descriptors. Additionally, it includes an optional parameter to remove the TacticalRMM Agent if specified.
+
+.PARAMETER remove
+ A boolean parameter that, if set to $True, will trigger the removal of the TacticalRMM Agent.
+
+.OUTPUTS
+ None
+
+.EXAMPLE
+ .\script.ps1 -remove $False
+ - Unlocks the TacticalRMM Agent by adjusting permissions and resetting service security descriptors without removing the agent.
+
+.EXAMPLE
+ .\script.ps1 -remove $True
+ - Unlocks the TacticalRMM Agent and then removes it using its uninstaller.
+
+.NOTES
+ v1.0 8/22/2024 CBG_ITSUP Initial version
+
+#>
+
+
+param (
+
+ [Parameter()]
+ [string]$remove
+)
+
+#######################################################
+############ UnLock TacticalRMM Agent #################
+#######################################################
+
+#################### App Folder #######################
+
+Invoke-Expression -Command:"icacls ""C:\Program Files\TacticalAgent"" /T /inheritance:d /grant System:F /grant Administrators:F"
+
+Invoke-Expression -Command:"icacls ""C:\Program Files\TacticalAgent\unins000.exe"" /inheritance:d /grant System:F /grant Administrators:F"
+
+Invoke-Expression -Command:"icacls ""C:\Program Files\TacticalAgent"" /T /inheritance:d /grant System:F /grant Administrators:F"
+
+##################### Services ########################
+
+Start-Process -FilePath "$env:comspec" -ArgumentList "/c sc.exe sdset tacticalrmm D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
+
+Start-Process -FilePath "$env:comspec" -ArgumentList '/c sc.exe sdset "Mesh Agent" D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)'
+
+
+#######################################################
+######### Optional: Remove TacticalRMM Agent ##########
+#######################################################
+
+If ($remove -eq $True) {
+ Start-Process -Wait -FilePath "$env:comspec" -ArgumentList '/c ""C:\Program Files\TacticalAgent\unins000.exe"" /VERYSILENT'
+}
\ No newline at end of file
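Review bot: The "unlock" descriptors passed to `sc.exe sdset` give Interactive Users the same full-control mask as SYSTEM, `(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;IU)`, which includes SERVICE_CHANGE_CONFIG, DELETE, WRITE_DAC and WRITE_OWNER on a service running as SYSTEM, so after unlocking a standard user can reconfigure the service — far weaker than the stock Windows default; restore the descriptor captured with `sc.exe sdshow tacticalrmm` before locking (or at minimum reuse `(A;;CCLCSWLOCRRC;;;IU)` from the locker) instead of widening IU, and the same applies to the `"Mesh Agent"` line. The App Folder section only adds `/grant Administrators:F` ACEs and never removes the explicit `/deny Administrators:F` entries that Win_TRMM_Agent_Locker.ps1 sets, and an explicit deny is evaluated before any allow, so Administrators most likely remain locked out after this runs; an `icacls "C:\Program Files\TacticalAgent" /T /remove:d Administrators` (and the same for `unins000.exe`) before the grants fixes that, and the first and third icacls lines are duplicates. `$remove` is declared `[string]` while the help calls it boolean; `$remove -eq $True` only works because `$True` is coerced to the string `"True"`, so if the string type is deliberate (RMM argument passing) a comment such as `# string on purpose: the RMM passes arguments as text; "True" (case-insensitive) enables removal` should say so. The `Start-Process -Wait -FilePath "$env:comspec"` wrapper with its doubled quotes can be replaced by `Start-Process -Wait -FilePath "C:\Program Files\TacticalAgent\unins000.exe" -ArgumentList '/VERYSILENT'`, which avoids relying on cmd.exe's quote-stripping rules.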