I am a noob at PowerShell, but I believe I have a script that should work. We are trying to create a File Screen on all logical drives for multiple clients, and we want to enable the option to shut down the server when it detects a malicious file has been created. Here is my script:
$a = gwmi win32_logicaldisk -filter DriveType=3 | Select -ExpandProperty DeviceID
New-FsrmFileGroup -Name "Cryptolocker" -IncludePattern @("DECRYPT_*.*")
foreach ($i in $a){
    $notification = New-FsrmAction -Type Command -Command "c:\windows\system32\shutdown.exe"
    New-FsrmFileScreen -Path "$i" -Active: $false -IncludeGroup "Cryptolocker" -Notification $notification
}
I believe the section that I underlined and used bold text is the point of failure. I can use the same command, and change this line to enable an event log notification, and it works. However, the option to shut down the server is giving me an error. Here is the error I am getting:
New-FsrmFileScreen : 0x80070057, The parameter is incorrect.
At C:\Users\Administrator\Desktop\shutdown.ps1:5 char:5
+ New-FsrmFileScreen -Path "$i" -Active: $false -IncludeGroup "Cryptolocker" - ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (MSFT_FSRMFileScreen:Root/Microsoft/..._FSRMFileScreen) [New-FsrmFileScreen], CimException
+ FullyQualifiedErrorId : MI RESULT 4,New-FsrmFileScreen
I've been banging my head against the wall for two days, any help would be greatly appreciated!!!!
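The following is an added example, not part of the original post and not a confirmed fix for the error above: it builds the same passive file screen on every fixed disk, but spells out the command action's arguments, working directory, run-as account and kill timeout, and pairs it with an event log action so a record of the triggering file survives the shutdown. The `shutdown.exe` arguments, the `LocalSystem` account, the one-minute timeout and the event text are assumptions; the file group name and pattern come from the post.

```powershell
# Added example, not the poster's script. Requires the FSRM role and an
# elevated session. Values marked "assumed" are not from the post.
Import-Module FileServerResourceManager

$groupName = 'Cryptolocker'       # from the post
$patterns  = @('DECRYPT_*.*')     # from the post

# Create the file group only if it is missing, so a re-run does not fail.
if (-not (Get-FsrmFileGroup -Name $groupName -ErrorAction SilentlyContinue)) {
    New-FsrmFileGroup -Name $groupName -IncludePattern $patterns | Out-Null
}

# Command action with every field set explicitly (assumed values).
$shutdownArgs = @{
    Type              = 'Command'
    Command           = 'C:\Windows\System32\shutdown.exe'
    CommandParameters = '/s /f /t 0'          # assumed: immediate forced shutdown
    WorkingDirectory  = 'C:\Windows\System32'
    SecurityLevel     = 'LocalSystem'         # assumed: account the command runs as
    KillTimeOut       = 1                     # assumed: minutes before FSRM kills it
}
$shutdown = New-FsrmAction @shutdownArgs

# Event log action, so who wrote which file is recorded before the shutdown.
$logArgs = @{
    Type      = 'Event'
    EventType = 'Warning'
    Body      = 'User [Source Io Owner] saved [Source File Path] matching [Violated File Group] on [Server].'
}
$logEvent = New-FsrmAction @logArgs

# One passive screen per fixed disk (DriveType 3), as in the post.
$drives = Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType=3'
foreach ($drive in $drives) {
    $path = "$($drive.DeviceID)\"
    if (Get-FsrmFileScreen -Path $path -ErrorAction SilentlyContinue) {
        Write-Warning "File screen already exists on $path, skipping."
        continue
    }
    New-FsrmFileScreen -Path $path -Active:$false -IncludeGroup $groupName `
        -Notification $logEvent, $shutdown
}
```

Because `-Active:$false` makes the screen passive, the matching file is still written; the actions only react to it, so the event record is what lets responders identify the writing account after the server is back up.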