diff --git a/test/Samy.Offboard.ps1 b/test/Samy.Offboard.ps1 new file mode 100644 index 0000000..0771472 --- /dev/null +++ b/test/Samy.Offboard.ps1 @@ -0,0 +1,131 @@ +# Samy.Offboard.ps1 +# Offboarding handlers and full offboard flow + +function Invoke-UninstallCyberQP { + param($Context) + + try { + if (Get-Command Uninstall-CyberQP -ErrorAction Stop) { + Uninstall-CyberQP + Write-LogHybrid "CyberQP uninstalled" Success OffBoard -LogToEvent + Send-Text $Context "CyberQP uninstalled." + } + else { + throw "Uninstall-CyberQP cmdlet not found in SVSMSP toolkit." + } + } + catch { + Write-LogHybrid "Error uninstalling CyberQP: $($_.Exception.Message)" Error OffBoard -LogToEvent + Send-Text $Context "ERROR: $($_.Exception.Message)" + } +} + +function Invoke-UninstallHelpDesk { + param($Context) + + try { + if (Get-Command Uninstall-HelpDesk -ErrorAction Stop) { + Uninstall-HelpDesk + Write-LogHybrid "SVS HelpDesk uninstalled" Success OffBoard -LogToEvent + Send-Text $Context "SVS HelpDesk uninstalled." + } + else { + throw "Uninstall-HelpDesk cmdlet not found in SVSMSP toolkit." + } + } + catch { + Write-LogHybrid "Error uninstalling SVS HelpDesk: $($_.Exception.Message)" Error OffBoard -LogToEvent + Send-Text $Context "ERROR: $($_.Exception.Message)" + } +} + +function Invoke-UninstallThreatLocker { + param($Context) + + try { + if (Get-Command Uninstall-ThreatLocker -ErrorAction Stop) { + Uninstall-ThreatLocker + Write-LogHybrid "ThreatLocker uninstalled" Success OffBoard -LogToEvent + Send-Text $Context "ThreatLocker uninstalled." + } + else { + throw "Uninstall-ThreatLocker cmdlet not found in SVSMSP toolkit." + } + } + catch { + Write-LogHybrid "Error uninstalling ThreatLocker: $($_.Exception.Message)" Error OffBoard -LogToEvent + Send-Text $Context "ERROR: $($_.Exception.Message)" + } +} + +function Invoke-UninstallRocketCyber { + param($Context) + + try { + if (Get-Command Uninstall-RocketCyber -ErrorAction Stop) { + Uninstall-RocketCyber + Write-LogHybrid "RocketCyber uninstalled" Success OffBoard -LogToEvent + Send-Text $Context "RocketCyber uninstalled." + } + else { + throw "Uninstall-RocketCyber cmdlet not found in SVSMSP toolkit." + } + } + catch { + Write-LogHybrid "Error uninstalling RocketCyber: $($_.Exception.Message)" Error OffBoard -LogToEvent + Send-Text $Context "ERROR: $($_.Exception.Message)" + } +} + +function Invoke-CleanupSVSMSP { + param($Context) + + try { + if (Get-Command Install-SVSMSP -ErrorAction Stop) { + Install-SVSMSP -Cleanup + Write-LogHybrid "SVSMSP toolkit cleanup completed (module, repo, registry)." Success OffBoard -LogToEvent + Send-Text $Context "SVSMSP toolkit cleanup completed." + } + else { + throw "Install-SVSMSP function not found in current session." + } + } + catch { + Write-LogHybrid "Error cleaning up SVSMSP toolkit: $($_.Exception.Message)" Error OffBoard -LogToEvent + Send-Text $Context "ERROR: $($_.Exception.Message)" + } +} + +function Invoke-SamyFullOffboard { + [CmdletBinding(SupportsShouldProcess = $true)] + param() + + $offboardTasks = $Global:SamyTasks | Where-Object Page -eq 'offboard' + + if (-not $offboardTasks) { + Write-LogHybrid "No offboard tasks configured." Warning OffBoard -LogToEvent + return + } + + if (-not $PSCmdlet.ShouldProcess("Full off-boarding flow", "Execute every offboard task")) { + return + } + + foreach ($task in $offboardTasks) { + try { + Write-LogHybrid "Running offboard task: $($task.Label)" Info OffBoard -LogToEvent + + if (-not (Get-Command $task.HandlerFn -ErrorAction SilentlyContinue)) { + Write-LogHybrid "Missing handler $($task.HandlerFn)" Error OffBoard -LogToEvent + continue + } + + & $task.HandlerFn $null + } + catch { + Write-LogHybrid "Offboard task $($task.Label) failed: $($_.Exception.Message)" Error OffBoard -LogToEvent + } + } + + Write-LogHybrid "Headless offboarding completed" Success OffBoard -LogToEvent +}