Need Help! - Trying to use PowerShell to Create Cryptolocker 3.0 File Screen

I am a noob at PowerShell, but I believe I have a script that should work. We are trying to create a File Screen on all logical drives for multiple clients, and we want to enable the option to shut down the server when it detects a malicious file has been created. Here is my script:

   

$a = gwmi win32_logicaldisk -filter DriveType=3 | Select -ExpandProperty DeviceID
New-FsrmFileGroup -Name "Cryptolocker" -IncludePattern @("DECRYPT_*.*")
foreach ($i in $a){
    $notification = New-FsrmAction -Type Command -Command "c:\windows\system32\shutdown.exe"
    New-FsrmFileScreen -Path "$i" -Active: $false -IncludeGroup "Cryptolocker" -Notification $notification
}

I believe the section that I underlined and used bold text is the point of failure. I can use the same command, and change this line to enable an event log notification, and it works. However, the option to shutdown the server is giving me an error. Here is the error I am getting:

New-FsrmFileScreen : 0x80070057, The parameter is incorrect.
At C:\Users\Administrator\Desktop\shutdown.ps1:5 char:5
+     New-FsrmFileScreen -Path "$i" -Active: $false -IncludeGroup "Cryptolocker" - ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (MSFT_FSRMFileScreen:Root/Microsoft/..._FSRMFileScreen) [New-FsrmFileScreen], CimExce 
   ption
    + FullyQualifiedErrorId : MI RESULT 4,New-FsrmFileScreen

I've been banging my head against the wall for two days, any help would be greatly appreciated!!!!

February 20th, 2015 2:32pm

I should have mentioned I am using Windows Server 2012 R2 Standard
February 20th, 2015 2:33pm

shutdown is not a command.  It is a program and requires arguments.

New-FsrmFileScreen : 0x80070057, The parameter is incorrect

February 20th, 2015 2:44pm

Good point, however I have tried this as well:

$notification = New-FsrmAction -Type Command -Command "c:\windows\system32\cmd.exe" -CommandParameters "shutdown -s"

Same error.

Furthermore, we have the GUI confirmed as the following:

Command Tab, Command Radio Button Selected, and the command or script that runs is "c:\windows\system32\shutdown.exe" and it works successfully. The command argument is "-s"

VERY FRUSTRATING! 

February 20th, 2015 3:11pm

shutdown takes many more arguments.
February 20th, 2015 3:36pm

This is your error:

New-FsrmFileScreen : 0x80070057, The parameter is incorrect.
At C:\Users\Administrator\Desktop\shutdown.ps1:5 char:5
+     New-FsrmFileScreen -Path "$i" -Active: $false -IncludeGroup "Cryptolocker" - ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (MSFT_FSRMFileScreen:Root/Microsoft/..._FSRMFileScreen) [New-FsrmFileScreen], CimExce 
   ption
    + FullyQualifiedErrorId : MI RESULT 4,New-FsrmFileScreen

It is not on the command action.

February 20th, 2015 3:44pm
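
An added example, not code from the thread or from any poster: because the same command action is accepted when configured in the GUI, one way to find what New-FsrmFileScreen rejects is to compare the GUI-created action with the one New-FsrmAction builds. The path in $guiScreenPath is an assumed placeholder for a folder where the GUI file screen already exists.

```powershell
# Added diagnostic example (not the poster's script).
# Compares the command action of a file screen created in the FSRM GUI
# with the action object built by New-FsrmAction, property by property.
Import-Module FileServerResourceManager

# ASSUMPTION: placeholder path; set it to the folder where the working
# GUI-created file screen lives.
$guiScreenPath = 'D:\Shares'

# Properties of a command-type FSRM action (same names as the
# New-FsrmAction parameters).
$props = 'Command', 'CommandParameters', 'WorkingDirectory',
         'SecurityLevel', 'KillTimeOut', 'RunLimitInterval', 'ShouldLogError'

# Action stored by the GUI: pick the notification that carries a command.
$guiAction = (Get-FsrmFileScreen -Path $guiScreenPath).Notification |
    Where-Object { $_.Command } |
    Select-Object -First 1

if (-not $guiAction) {
    throw "No command action found on the file screen at $guiScreenPath"
}

# Action as built in the thread, with the argument the GUI version uses.
$scriptedAction = New-FsrmAction -Type Command `
    -Command 'C:\Windows\System32\shutdown.exe' `
    -CommandParameters '-s'

# Side-by-side view; rows marked Differs are the values the scripted
# action leaves unset or sets differently from the working one.
$props | ForEach-Object {
    [pscustomobject]@{
        Property = $_
        Gui      = $guiAction.$_
        Scripted = $scriptedAction.$_
        Differs  = "$($guiAction.$_)" -ne "$($scriptedAction.$_)"
    }
} | Format-Table -AutoSize
```

Any row marked Differs can be set explicitly on New-FsrmAction through the parameter of the same name (for example -SecurityLevel, -WorkingDirectory or -KillTimeOut) and New-FsrmFileScreen retried with one change at a time.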
