#region changes to be done # We could change line 298 and 379 the have it log in "SVS Scripting" instead of "Application" if we can find a way to force create the log #endregion changes to be done <# .SYNOPSIS ScriptMonkey - MSP client onboarding/offboarding toolkit with a user interface, and optional silent install of the SVSMSP toolkit and headless DattoRMM deployment. .DESCRIPTION Install-DattoRMM is a single, unified toolkit for Datto RMM operations. It can be used interactively or via HTTP endpoints, and includes built-in validation and error trapping. Key features: - Credential retrieval - securely fetches ApiUrl, ApiKey, and ApiSecretKey from a webhook. - OAuth management - automatically acquires and refreshes bearer tokens over TLS. - Site list fetching - returns the list of RMM sites; validates OutputFile to .csv or .json. - Site list saving - writes fetched site list to the user's Desktop as CSV or JSON. - Registry variable push - writes site-specific variables under HKLM:\Software\SVS\Deployment. - Agent download & install - downloads the Datto RMM agent installer and launches it. - Installer archiving - saves a copy of the downloaded installer to C:\Temp. - HTTP endpoints - exposes /getpw and /installDattoRMM handlers, each wrapped in try/catch to log errors and return proper HTTP 500 responses on failure. - Idempotent & WhatIf support - uses ShouldProcess for safe, testable agent installs. Throughout, secrets are never written to logs or console, and all operations produce clear success/failure messages via Write-LogHybrid. .PARAMETER UseWebhook Switch that forces credential retrieval from the webhook at WebhookUrl using WebhookPassword. When omitted, you must supply ApiUrl, ApiKey, and ApiSecretKey directly. .PARAMETER WebhookPassword Password to authenticate to the credentials-fetch webhook. Mandatory when -UseWebhook is set. .PARAMETER WebhookUrl URL of the credentials webhook endpoint. Defaults to $Global:DattoWebhookUrl. .PARAMETER ApiUrl Direct Datto RMM API base URL (used if not fetching from webhook). .PARAMETER ApiKey Direct Datto RMM API key (used if not fetching from webhook). .PARAMETER ApiSecretKey Direct Datto RMM secret (used if not fetching from webhook). .PARAMETER FetchSites Switch to fetch the list of RMM sites and skip all install or variable-push actions. .PARAMETER SaveSitesList Switch to save the fetched site list to the desktop as a file named by OutputFile. Must be used together with -FetchSites. .PARAMETER OutputFile Name of the file to write the site list to (must end in “.csv” or “.json”). Defaults to 'datto_sites.csv'. .PARAMETER PushSiteVars Switch to fetch site-specific variables and write them under HKLM:\Software\SVS\Deployment. .PARAMETER InstallRMM Switch to download and launch the Datto RMM agent installer for the specified site. .PARAMETER SaveCopy Switch to save a copy of the downloaded Datto RMM installer into C:\Temp. .PARAMETER SiteUID The unique identifier of the Datto RMM site. Mandatory when performing install or variable-push. .PARAMETER SiteName The friendly name of the Datto RMM site (used in logging). Mandatory when performing install or variable-push. .EXAMPLE & ([ScriptBlock]::Create( (iwr 'https://sm.svstools.com' -UseBasicParsing).Content )) ` -UseWebhook -WebhookPassword 'pwd' -SiteUID 'site-123' -SiteName 'Acme Corp' -PushSiteVars -InstallRMM # Headlessly installs the Datto RMM agent on “Acme Corp” and writes site variables to the registry. .EXAMPLE & ([ScriptBlock]::Create( (iwr 'https://sm.svstools.com' -UseBasicParsing).Content )) ` -ApiUrl 'https://api.example.com' ` -ApiKey 'YourApiKey' ` -ApiSecretKey 'YourSecretKey' ` -SiteUID 'site-123' ` -SiteName 'Acme Corp' ` -PushSiteVars ` -InstallRMM # Headlessly installs the Datto RMM agent on “Acme Corp” and writes site variables to the registry. .EXAMPLE & ([ScriptBlock]::Create( (iwr 'https://sm.svstools.com' -UseBasicParsing).Content )) ` -UseWebhook ` -WebhookPassword 'pwd' ` -FetchSites ` -SaveSitesList ` -OutputFile 'sites.json' # Fetches the full site list via webhook and saves it as JSON to your Desktop. .EXAMPLE & ([ScriptBlock]::Create( (iwr 'https://sm.svstools.com' -UseBasicParsing).Content )) ` -ApiUrl 'https://api.example.com' ` -ApiKey 'YourApiKey' ` -ApiSecretKey 'YourSecretKey' ` -SiteUID 'site-123' ` -SiteName 'Acme Corp' ` -SaveCopy # Downloads the RMM installer for “Acme Corp” and saves a copy under C:\Temp without running it. .EXAMPLE & ([ScriptBlock]::Create( (iwr 'https://sm.svstools.com' -UseBasicParsing).Content )) ` -ApiUrl 'https://api.example.com' ` -ApiKey 'YourApiKey' ` -ApiSecretKey 'YourSecretKey' ` -SiteUID 'site-123' ` -SiteName 'Acme Corp' ` -InstallRMM ` -WhatIf # Shows what would happen when installing the RMM agent, without making any changes. .EXAMPLE & ([ScriptBlock]::Create((iwr 'sm.svstools.ca').Content )) -SilentInstall .EXAMPLE & ([ScriptBlock]::Create((iwr 'sm.svstools.com').Content)) -Cleanup #> #region Handler Stubs function Respond-Text { param($Context, $Text) $bytes = [Text.Encoding]::UTF8.GetBytes($Text) $Context.Response.ContentType = 'text/plain' $Context.Response.ContentLength64 = $bytes.Length $Context.Response.OutputStream.Write($bytes,0,$bytes.Length) $Context.Response.OutputStream.Close() } function Respond-HTML { [CmdletBinding()] param( [Parameter(Mandatory = $true)][object] $Context, [Parameter(Mandatory = $true)][string] $Html ) $bytes = [Text.Encoding]::UTF8.GetBytes($Html) $Context.Response.ContentType = 'text/html' $Context.Response.ContentLength64 = $bytes.Length $Context.Response.OutputStream.Write($bytes, 0, $bytes.Length) $Context.Response.OutputStream.Close() } function Respond-JSON { param($Context, $Object) $json = $Object | ConvertTo-Json -Depth 5 $bytes = [Text.Encoding]::UTF8.GetBytes($json) $Context.Response.ContentType = 'application/json' $Context.Response.ContentLength64 = $bytes.Length $Context.Response.OutputStream.Write($bytes,0,$bytes.Length) $Context.Response.OutputStream.Close() } function Handle-FetchSites { param($Context) try { # 1) Read the incoming JSON payload (contains only the webhook password) $raw = (New-Object IO.StreamReader $Context.Request.InputStream).ReadToEnd() $pw = (ConvertFrom-Json $raw).password # ★ Store it globally for the next call ★ $Global:WebhookPassword = $pw # 2) Delegate to your unified function $sites = Install-DattoRMM ` -UseWebhook ` -WebhookPassword $pw ` -FetchSites ` -SaveSitesList:$SaveSitesList ` -OutputFile $OutputFile # 3) Return JSON array of sites Respond-JSON $Context $sites } catch { # Log the exception and return HTTP 500 Write-LogHybrid "Handle-FetchSites error: $($_.Exception.Message)" Error DattoRMM -LogToEvent $Context.Response.StatusCode = 500 Respond-Text $Context "Internal server error fetching sites." } } function Handle-InstallDattoRMM { param($Context) try { if ($Context.Request.HttpMethod -ne 'POST') { $Context.Response.StatusCode = 405 Respond-Text $Context 'Use POST' return } # 1) Read and parse the JSON body $body = (New-Object IO.StreamReader $Context.Request.InputStream).ReadToEnd() $data = ConvertFrom-Json $body # 2) Delegate to your unified function for the install Install-DattoRMM ` -UseWebhook ` -WebhookPassword $Global:WebhookPassword ` -SiteUID $data.UID ` -SiteName $data.Name ` -PushSiteVars:($data.checkedValues -contains 'inputVar') ` -InstallRMM: ($data.checkedValues -contains 'rmm') ` -SaveCopy: ($data.checkedValues -contains 'exe') # 3) Acknowledge to the client Respond-Text $Context "Triggered DattoRMM for $($data.Name)" } catch { # Log the exception and return HTTP 500 Write-LogHybrid "Handle-InstallDattoRMM error: $($_.Exception.Message)" Error DattoRMM -LogToEvent $Context.Response.StatusCode = 500 Respond-Text $Context "Internal server error during DattoRMM install." } } function Handle-InstallCyberQP { param($Context) # 1) call into your module Install-CyberQP # 2) log & write back a simple text response Write-LogHybrid "CyberQP installed" "Success" "OnBoard" Respond-Text $Context "CyberQP installed" } function Handle-InstallThreatLocker { param($Context) # 1) call into your module Install-ThreatLocker # 2) log & write back a simple text response Write-LogHybrid "ThreatLocker installed" "Success" "OnBoard" Respond-Text $Context "ThreatLocker installed" } function Handle-InstallRocketCyber { param($Context) # 1) call into your module Install-RocketCyber # 2) log & write back a simple text response Write-LogHybrid "RocketCyber installed" "Success" "OnBoard" Respond-Text $Context "RocketCyber installed" } function Handle-InstallSVSHelpDesk { param($Context) # 1) call into your module Install-SVSHelpDesk # 2) log & write back a simple text response Write-LogHybrid "SVS HelpDesk installed" "Success" "OnBoard" Respond-Text $Context "SVS HelpDesk installed" } function Handle-InstallSVSMSP { param($Context) Write-LogHybrid "HTTP trigger: Handle-InstallSVSMSP" "Info" "OnBoard" try { Install-SVSMSP -InstallToolkit Respond-Text $Context "SVSMSP Module installed/updated." } catch { Write-LogHybrid "Error in Install-SVSMSP: $_" "Error" "OnBoard" Respond-Text $Context "ERROR: $_" } } function Invoke-ScriptMonkey { # ───────────────────────────────────────────────────────────────────────── # PARAMETERS + GLOBAL VARIABLES # ───────────────────────────────────────────────────────────────────────── [CmdletBinding( DefaultParameterSetName='UI', SupportsShouldProcess=$true, ConfirmImpact= 'Medium' )] param( # ───────────────────────────────────────────────────────── # Toolkit-only mode [Parameter(Mandatory,ParameterSetName='Toolkit')][switch]$SilentInstall, # ───────────────────────────────────────────────────────── # remove Toolkit [Parameter(Mandatory,ParameterSetName='Cleanup')][switch]$Cleanup, # ───────────────────────────────────────────────────────── # Datto headless mode # ─── DattoFetch & DattoInstall share the webhook creds ───────────── [Parameter(Mandatory,ParameterSetName='DattoFetch')] [Parameter(Mandatory,ParameterSetName='DattoInstall')] [switch]$UseWebhook, [Parameter(Mandatory,ParameterSetName='DattoFetch')] [Parameter(Mandatory,ParameterSetName='DattoInstall')] [string]$WebhookPassword, [string]$WebhookUrl = $Global:DattoWebhookUrl, # ─── only DattoFetch uses these ──────────────────────────────────── [Parameter(ParameterSetName='DattoFetch')][switch]$FetchSites, [Parameter(ParameterSetName='DattoFetch')][switch] $SaveSitesList, [Parameter(ParameterSetName='DattoFetch')][ValidatePattern('\.csv$|\.json$')][string] $OutputFile = 'datto_sites.csv', # ─── only DattoInstall uses these ───────────────────────────────── [Parameter(Mandatory,ParameterSetName='DattoInstall')][string] $SiteUID, [Parameter(Mandatory,ParameterSetName='DattoInstall')][string] $SiteName, [Parameter(ParameterSetName='DattoInstall')][switch] $PushSiteVars, [Parameter(ParameterSetName='DattoInstall')][switch] $InstallRMM, [Parameter(ParameterSetName='DattoInstall')][switch] $SaveCopy ) #region global variables # Listening port for HTTP UI $Port = 8082 # Configurable endpoints $Global:DattoWebhookUrl = 'https://automate.svstools.ca/webhook/svsmspkit' # Initialize a global in-memory log cache if (-not $Global:LogCache -or -not ($Global:LogCache -is [System.Collections.ArrayList])) { $Global:LogCache = [System.Collections.ArrayList]::new() } #endregion global variables #region SVS Module function Install-SVSMSP { param ( [switch] $Cleanup, [switch] $InstallToolkit, [Parameter(Mandatory = $false)][array] $AllModules = @(@{ ModuleName = "SVS_Toolkit" }, @{ ModuleName = "SVSMSP" }), [Parameter(Mandatory = $false)][array] $AllRepositories = @(@{ RepoName = "SVS_Repo" }, @{ RepoName = "SVS_Toolkit" }), [Parameter(Mandatory = $false)][string] $NewModuleName = "SVSMSP", [Parameter(Mandatory = $false)][string] $NewRepositoryName = "SVS_Repo", [Parameter(Mandatory = $false)][string] $NewRepositoryURL = "http://proget.svstools.ca:8083/nuget/SVS_Repo/" ) function Perform-Cleanup { Write-LogHybrid "Cleanup mode enabled. Starting cleanup..." "Info" "SVSModule" # Attempt to uninstall all versions of SVSMSP try { Uninstall-Module -Name SVSMSP -AllVersions -Force -ErrorAction Stop Write-LogHybrid "SVSMSP module uninstalled from system." "Success" "SVSModule" -LogToEvent } catch { # If no module was found, just warn and continue if ($_.Exception.Message -match 'No match was found') { Write-LogHybrid "No existing SVSMSP module found to uninstall." "Warning" "SVSModule" -LogToEvent } else { Write-LogHybrid "Failed to uninstall SVSMSP: $($_.Exception.Message)" "Error" "SVSModule" -LogToEvent } } # Remove the custom repository if registered if (Get-PSRepository -Name SVS_Repo -ErrorAction SilentlyContinue) { try { Unregister-PSRepository -Name SVS_Repo -ErrorAction Stop Write-LogHybrid "SVS_Repo repository unregistered." "Success" "SVSModule" -LogToEvent } catch { Write-LogHybrid "Failed to unregister SVS_Repo: $($_.Exception.Message)" "Error" "SVSModule" -LogToEvent } } # Finally, remove it from the current session if loaded if (Get-Module -Name SVSMSP) { try { Remove-Module SVSMSP -Force -ErrorAction Stop Write-LogHybrid "SVSMSP module removed from current session." "Success" "SVSModule" -LogToEvent } catch { Write-LogHybrid "Failed to remove SVSMSP from session: $($_.Exception.Message)" "Error" "SVSModule" -LogToEvent } } } function Perform-ToolkitInstallation { Perform-Cleanup Write-LogHybrid "Registering repo $NewRepositoryName…" "Info" "SVSModule" -LogToEvent if (-not (Get-PSRepository -Name $NewRepositoryName -ErrorAction SilentlyContinue)) { Register-PSRepository -Name $NewRepositoryName -SourceLocation $NewRepositoryURL -InstallationPolicy Trusted } Write-LogHybrid "Installing module $NewModuleName…" "Info" "SVSModule" -LogToEvent Install-Module -Name $NewModuleName -Repository $NewRepositoryName -Scope AllUsers -Force Write-LogHybrid "Toolkit installation complete." "Success" "SVSModule" -LogToEvent } Write-LogHybrid "Install-SVSMSP called" "Info" "SVSModule" -LogToEvent if ($Cleanup) { Perform-Cleanup; return } if ($InstallToolkit) { Perform-ToolkitInstallation; return } # default if no switch passed: Perform-ToolkitInstallation } #endregion SVS Module #region Write-Log # This function is used as a fallback if the SVSMSP module is not installed # This function is used as a fallback if the SVSMSP module is not installed function Write-LogHelper { [CmdletBinding()] param( [Parameter(Mandatory)][string]$Message, [ValidateSet("Info","Warning","Error","Success","General")] [string]$Level = "Info", [string]$TaskCategory = "GeneralTask", [switch]$LogToEvent, [string]$EventSource = "Script Automation Monkey", [string]$EventLog = "Application", [int] $CustomEventID, [string]$LogFile, [switch]$PassThru ) # ─── IDs & Colors ──────────────────────────────────────────────── $idMap = @{ Info=1000; Warning=2000; Error=3000; Success=4000; General=1000 } $colMap = @{ Info="Cyan"; Warning="Yellow"; Error="Red"; Success="Green"; General="White" } $EventID = if ($PSBoundParameters.CustomEventID) { $CustomEventID } else { $idMap[$Level] } $color = $colMap[$Level] $fmt = "[$Level] [$TaskCategory] $Message (Event ID: $EventID)" # ─── Console Output ───────────────────────────────────────────── Write-Host $fmt -ForegroundColor $color # ─── In-Memory Cache ───────────────────────────────────────────── if (-not $Global:LogCache) { $Global:LogCache = [System.Collections.ArrayList]::new() } $Global:LogCache.Add([pscustomobject]@{ Timestamp = (Get-Date).ToString('yyyy-MM-dd HH:mm:ss') Level = $Level Message = $fmt }) | Out-Null # ─── File Logging ──────────────────────────────────────────────── if ($PSBoundParameters.LogFile) { try { "$((Get-Date).ToString('yyyy-MM-dd HH:mm:ss')) $fmt" | Out-File -FilePath $LogFile -Append -Encoding UTF8 } catch { Write-Host "[Warning] File log failed: $_" -ForegroundColor Yellow } } # ─── Event Log ────────────────────────────────────────────────── if ($LogToEvent) { try { # 1) Ensure your custom source/log exist if (-not [System.Diagnostics.EventLog]::SourceExists($EventSource)) { New-EventLog -LogName $EventLog -Source $EventSource -ErrorAction Stop } } catch { Write-Host "[Warning] Could not create event log '$EventLog' or source '$EventSource': $($_.Exception.Message)" -ForegroundColor Yellow return } # 2) Map level to entry type $entryType = if ($Level -in 'Warning','Error') { $Level } else { 'Information' } # 3) Write to the Windows event log try { Write-EventLog ` -LogName $EventLog ` -Source $EventSource ` -EntryType $entryType ` -EventID $EventID ` -Message $fmt } catch { Write-Host "[Warning] EventLog failed: $($_.Exception.Message)" -ForegroundColor Yellow } } if ($PassThru) { return $Global:LogCache[-1] } } # ───────────────────────────────────────────────────────────────────────── # WRITE-LOG HYBRID (single definition, chooses at runtime if we use the # Write-Log from the module or the built-in Write-LogHelper funtions ) # ───────────────────────────────────────────────────────────────────────── function Write-LogHybrid { [CmdletBinding()] param( [Parameter(Mandatory=$true)][string]$Message, [ValidateSet("Info","Warning","Error","Success","General")] [string]$Level = "Info", [string]$TaskCategory = "GeneralTask", [switch]$LogToEvent, [string]$EventSource = "Script Automation Monkey", [string]$EventLog = "Application", [ValidateSet("Black","DarkGray","Gray","White","Red","Green","Blue","Yellow","Magenta","Cyan")] [string]$ForegroundColorOverride ) $formatted = "[$Level] [$TaskCategory] $Message" if ($PSBoundParameters.ContainsKey('ForegroundColorOverride')) { # 1) print to console with the override color Write-Host $formatted -ForegroundColor $ForegroundColorOverride # 2) then forward the call (sans the override) to Write-Log or Write-LogHelper $invokeParams = @{ Message = $Message Level = $Level TaskCategory = $TaskCategory LogToEvent = $LogToEvent EventSource = $EventSource EventLog = $EventLog } if (Get-Command Write-Log -ErrorAction SilentlyContinue) { Write-Log @invokeParams } else { Write-LogHelper @invokeParams } } else { # No override: let Write-Log / Write-LogHelper handle everything (including console color) if (Get-Command Write-Log -ErrorAction SilentlyContinue) { Write-Log ` -Message $Message ` -Level $Level ` -TaskCategory $TaskCategory ` -LogToEvent:$LogToEvent ` -EventSource $EventSource ` -EventLog $EventLog } else { Write-LogHelper ` -Message $Message ` -Level $Level ` -TaskCategory $TaskCategory ` -LogToEvent:$LogToEvent ` -EventSource $EventSource ` -EventLog $EventLog } } } #endregion Write-Log #region building the Menus # Define every task once here: # Id → checkbox HTML `id` # Name → URL path (`/Name`) # Label → user-visible text # HandlerFn → the PowerShell function to invoke # Page → which tab/page it appears on $Global:Tasks = @( # On-Boarding, left column @{ Id='setSVSPowerplan'; Name='setSVSPowerplan'; Label='Set SVS Powerplan'; HandlerFn='Handle-setSVSPowerPlan'; Page='onboard'; Column='left' }, @{ Id='installSVSMSPModule'; Name='installSVSMSPModule'; Label='Install SVSMSP Module'; HandlerFn='Handle-InstallSVSMSP'; Page='onboard'; Column='left' }, @{ Id='installCyberQP'; Name='installCyberQP'; Label='Install CyberQP'; HandlerFn='Handle-InstallCyberQP'; Page='onboard'; Column='left' }, @{ Id='installSVSHelpDesk'; Name='installSVSHelpDesk'; Label='Install SVS HelpDesk'; HandlerFn='Handle-InstallSVSHelpDesk'; Page='onboard'; Column='left' }, @{ Id='installThreatLocker'; Name='installThreatLocker'; Label='Install ThreatLocker'; HandlerFn='Handle-InstallThreatLocker'; Page='onboard'; Column='left' }, @{ Id='installRocketCyber'; Name='installRocketCyber'; Label='Install RocketCyber'; HandlerFn='Handle-InstallRocketCyber'; Page='onboard'; Column='left' }, @{ Id='installDattoRMM'; Name='installDattoRMM'; Label='Install DattoRMM'; HandlerFn='Handle-InstallDattoRMM'; Page='onboard'; Column='left'; SubOptions= @( @{ Value='inputVar'; Label='Copy Site Variables' }, @{ Value='rmm'; Label='Install RMM Agent' }, @{ Value='exe'; Label='Download Executable' } ) }, # On-Boarding, right column (optional bits) @{ Id='enableBitLocker'; Name='EnableBitLocker'; Label='Enable BitLocker'; HandlerFn='Set-SVSBitLocker'; Page='onboard'; Column='right' }, @{ Id='setEdgeDefaultSearch';Name='setedgedefaultsearch';Label='Set Edge Default Search'; Tooltip='Will configure Edge to use Google as default search provider'; HandlerFn='set-EdgeDefaultSearchProvider';Page='onboard'; Column='right' }, # Off-Boarding @{ Id='uninstallCyberQP'; Name='uninstallCyberQP'; Label='Uninstall CyberQP'; HandlerFn='Uninstall-CyberQP'; Page='offboard' }, @{ Id='uninstallSVSMSPModule'; Name='uninstallSVSMSPModule'; Label='Uninstall SVSMSP Module'; HandlerFn='Cleanup-SVSMSP'; Page='offboard' }, # Tweaks @{ Id='disableAnimations'; Name='disableAnimations'; Label='Disable Animations'; HandlerFn='Disable-Animations'; Page='tweaks' }, # SVS Apps @{ Id='wingetLastpass'; Name='wingetLastpass'; Label='LastPass Desktop App'; HandlerFn='Install-WingetLastPass'; Page='SVSApps' } ) #endregion building the Menus #region Build-Checkboxes function Build-Checkboxes { param($Page, $Column) ( $Global:Tasks | Where-Object Page -EQ $Page | Where-Object Column -EQ $Column | ForEach-Object { $taskId = $_.Id $tooltip = if ($_.PSObject.Properties.Name -contains 'Tooltip' -and $_.Tooltip) { " title='$($_.Tooltip)'" } else { '' } $html = " $($_.Label)" if ($_.SubOptions) { # join inside the code block is fine $subHtml = ( $_.SubOptions | ForEach-Object { "" } ) -join "`n" $html += @" "@ } $html } ) -join "`n" } #endregion Build-Checkboxes #region Get-ModuleVersionHtml ### Get SVSMSP module version to display in the UI function Get-ModuleVersionHtml { $mod = Get-Module -ListAvailable -Name SVSMSP | Sort-Object Version -Descending | Select-Object -First 1 if ($mod) { return "
Module Version: $($mod.Version)
" } return "
SVSMSP_Module not found
" } #endregion Get-ModuleVersionHtml #region Strat-Server # Starts the HTTP listener loop function Start-Server { # make it accessible to Dispatch-Request $Global:Listener = [System.Net.HttpListener]::new() $Global:Listener.Prefixes.Add("http://localhost:$Port/") $Global:Listener.Start() Write-LogHybrid "Listening on http://localhost:$Port/" Info Server try { while ($Global:Listener.IsListening) { $ctx = $Global:Listener.GetContext() try { Dispatch-Request $ctx } catch { Write-LogHybrid "Dispatch error: $_" "Error" "Server" -LogToEvent } } } finally { # once the loop exits, clean up $Global:Listener.Close() Write-LogHybrid "Listener closed." "Info" "Server" -LogToEvent } } #endregion Strat-Server #region UIHtml function Get-UIHtml { param([string]$Page = 'onboard') # no spaces before $style $style = @' '@ # no spaces before $script $script = @' '@ # no spaces before $htmlTemplate $htmlTemplate = @" Script Monkey $style
SVS Logo {{moduleVersion}}
SAMY Logo
Script Automation Monkey (Yeah!)

On-Boarding

This new deployment method ensures everything is successfully deployed with greater ease!

SVSMSP Stack

{{onboardLeftColumn}}

Optional

{{onboardRightColumn}}

Off-Boarding

{{offboardCheckboxes}}

Tweaks

{{tweaksCheckboxes}}

SVS APPs

{{appsCheckboxes}}
$script
"@ # # 4) Build the checkbox HTML and tasks JS from $Global:Tasks # # On-boarding now has two columns: $onboardLeft = Build-Checkboxes -Page 'onboard' -Column 'left' $onboardRight = Build-Checkboxes -Page 'onboard' -Column 'right' # Off-boarding, Tweaks, SVSApps stay one-column: $offboard = Build-Checkboxes -Page 'offboard' -Column '' $tweaks = Build-Checkboxes -Page 'tweaks' -Column '' $apps = Build-Checkboxes -Page 'SVSApps' -Column '' # Tasks JS array (fixed) $tasksJsAll = ( $Global:Tasks | ForEach-Object { " { id: '$($_.Id)', handler: '/$($_.Name)', label: '$($_.Label)' }" } ) -join ",`n" # # 5) Inject into template # $html = $htmlTemplate $html = $html.Replace('{{moduleVersion}}', (Get-ModuleVersionHtml)) $html = $html.Replace('{{onboardLeftColumn}}', $onboardLeft) $html = $html.Replace('{{onboardRightColumn}}', $onboardRight) $html = $html.Replace('{{offboardCheckboxes}}', $offboard) $html = $html.Replace('{{tweaksCheckboxes}}', $tweaks) $html = $html.Replace('{{appsCheckboxes}}', $apps) $html = $html.Replace('{{tasksJsAll}}', $tasksJsAll) $html = $html.Replace('{{defaultPage}}', $Page) return $html } #endregion UIHtml #region Install-DattoRMM <# .SYNOPSIS Installs/configures the Datto RMM agent, fetches site lists, and optionally saves the site list to disk. .DESCRIPTION Centralizes Datto RMM operations in one function: - Fetch API credentials from a webhook (-UseWebhook) - Acquire OAuth token - Fetch site list (-FetchSites) - Save site list to Desktop as JSON or CSV (-FetchSites + -SaveSitesList) - Write site variables to registry (-PushSiteVars) - Download & launch the RMM agent installer (-InstallRMM) - Save a copy of the installer (-SaveCopy) .PARAMETER UseWebhook Fetches ApiUrl, ApiKey, and ApiSecretKey from the webhook when used with WebhookPassword. .PARAMETER WebhookPassword Password for authenticating to the credentials webhook. .PARAMETER WebhookUrl URL of the credentials webhook. Defaults to $Global:DattoWebhookUrl. .PARAMETER ApiUrl Direct Datto API endpoint URL (if not using webhook). .PARAMETER ApiKey Direct Datto API key (if not using webhook). .PARAMETER ApiSecretKey Direct Datto API secret (if not using webhook). .PARAMETER FetchSites Fetches the list of sites and skips all install steps. .PARAMETER SaveSitesList Saves the fetched site list to Desktop using OutputFile. Must be used with -FetchSites. .PARAMETER OutputFile Filename for saving the site list (.json or .csv). Defaults to 'datto_sites.csv'. .PARAMETER PushSiteVars Writes fetched site variables into HKLM:\Software\SVS\Deployment. .PARAMETER InstallRMM Downloads and runs the Datto RMM agent installer. .PARAMETER SaveCopy Saves a copy of the downloaded agent installer to C:\Temp. .PARAMETER SiteUID Unique identifier of the Datto site (required for install and registry push). .PARAMETER SiteName Friendly name of the Datto site (used for logging). .EXAMPLE # Fetch and save site list via webhook Install-DattoRMM -UseWebhook -WebhookPassword 'Tndmeeisdwge!' -FetchSites -SaveSitesList -OutputFile 'sites.csv' .EXAMPLE # Headless install with site variables Install-DattoRMM -ApiUrl 'https://api.example.com' -ApiKey 'KeyHere' -ApiSecretKey 'SecretHere' \ -SiteUID 'site-123' -SiteName 'Acme Corp' -PushSiteVars -InstallRMM .EXAMPLE # Download and save installer to C:\Temp without installing Install-DattoRMM -ApiUrl 'https://api.example.com' -ApiKey 'KeyHere' -ApiSecretKey 'SecretHere' \ -SiteUID 'site-123' -SiteName 'Acme Corp' -SaveCopy #> function Install-DattoRMM { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium')] param ( [switch]$UseWebhook, [string]$WebhookPassword, [string]$WebhookUrl = $Global:DattoWebhookUrl, [string]$ApiUrl, [string]$ApiKey, [string]$ApiSecretKey, [switch]$FetchSites, [switch]$SaveSitesList, [string]$OutputFile = 'datto_sites.csv', [switch]$PushSiteVars, [switch]$InstallRMM, [switch]$SaveCopy, [string]$SiteUID, [string]$SiteName ) # Validate mutually-dependent switches if ($SaveSitesList -and -not $FetchSites) { Write-LogHybrid "-SaveSitesList requires -FetchSites." Error DattoRMM -LogToEvent; return } # 1) Optionally fetch credentials from webhook if ($UseWebhook) { if (-not $WebhookPassword) { Write-LogHybrid "Webhook password missing." Error DattoRMM -LogToEvent; return } try { $resp = Invoke-RestMethod -Uri $WebhookUrl ` -Headers @{ SVSMSPKit = $WebhookPassword } ` -Method GET $ApiUrl = $resp.ApiUrl $ApiKey = $resp.ApiKey $ApiSecretKey = $resp.ApiSecretKey Write-LogHybrid "Webhook credentials fetched." Success DattoRMM -LogToEvent } catch { Write-LogHybrid "Failed to fetch webhook credentials: $($_.Exception.Message)" Error DattoRMM -LogToEvent; return } } # 2) Validate API parameters if (-not $ApiUrl -or -not $ApiKey -or -not $ApiSecretKey) { Write-LogHybrid "Missing required API parameters." Error DattoRMM -LogToEvent; return } # 3) Acquire OAuth token [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 try { $publicCred = New-Object System.Management.Automation.PSCredential( 'public-client', (ConvertTo-SecureString 'public' -AsPlainText -Force) ) $tokenResp = Invoke-RestMethod -Uri "$ApiUrl/auth/oauth/token" ` -Credential $publicCred ` -Method Post ` -ContentType 'application/x-www-form-urlencoded' ` -Body "grant_type=password&username=$ApiKey&password=$ApiSecretKey" $token = $tokenResp.access_token Write-LogHybrid "OAuth token acquired." Success DattoRMM -LogToEvent } catch { Write-LogHybrid "OAuth token fetch failed: $($_.Exception.Message)" Error DattoRMM-LogToEvent; return } $headers = @{ Authorization = "Bearer $token" } # 4) Fetch site list only if ($FetchSites) { try { $sitesResp = Invoke-RestMethod -Uri "$ApiUrl/api/v2/account/sites" -Method Get -Headers $headers $siteList = $sitesResp.sites | ForEach-Object { [PSCustomObject]@{ Name = $_.name; UID = $_.uid } } Write-LogHybrid "Fetched $($siteList.Count) sites." Success DattoRMM -LogToEvent if ($SaveSitesList) { $desktop = [Environment]::GetFolderPath('Desktop') $path = Join-Path $desktop $OutputFile $ext = [IO.Path]::GetExtension($OutputFile).ToLower() if ($ext -eq '.json') { $siteList | ConvertTo-Json -Depth 3 | Out-File -FilePath $path -Encoding UTF8 } else { $siteList | Export-Csv -Path $path -NoTypeInformation -Encoding UTF8 } Write-LogHybrid "Wrote $($siteList.Count) sites to $path" Success DattoRMM -LogToEvent } return $siteList } catch { Write-LogHybrid "Failed to fetch sites: $($_.Exception.Message)" Error DattoRMM -LogToEvent; return @() } } # 5) Push site variables to registry if ($PushSiteVars) { try { $varsResp = Invoke-RestMethod -Uri "$ApiUrl/api/v2/site/$SiteUID/variables" -Method Get -Headers $headers Write-LogHybrid "Fetched variables for '$SiteName'." Success DattoRMM -LogToEvent } catch { Write-LogHybrid "Variable fetch failed: $($_.Exception.Message)" Error DattoRMM -LogToEvent } $regPath = "HKLM:\Software\SVS\Deployment" foreach ($v in $varsResp.variables) { try { if (-not (Test-Path $regPath)) { New-Item -Path $regPath -Force | Out-Null } New-ItemProperty -Path $regPath -Name $v.name -Value $v.value -PropertyType String -Force | Out-Null Write-LogHybrid "Wrote '$($v.name)' to registry." Success DattoRMM -LogToEvent } catch { Write-LogHybrid "Failed to write '$($v.name)': $($_.Exception.Message)" Error DattoRMM -LogToEvent } } } # 6) Download & install RMM agent if ($InstallRMM) { if ($PSCmdlet.ShouldProcess("Site '$SiteName'", "Install RMM agent")) { try { $dlUrl = "https://zinfandel.centrastage.net/csm/profile/downloadAgent/$SiteUID" $tmp = "$env:TEMP\AgentInstall.exe" Invoke-WebRequest -Uri $dlUrl -OutFile $tmp -UseBasicParsing Write-LogHybrid "Downloaded agent to $tmp." Info DattoRMM -LogToEvent Start-Process -FilePath $tmp -NoNewWindow Write-LogHybrid "RMM agent installer launched." Success DattoRMM -LogToEvent } catch { Write-LogHybrid "Agent install failed: $($_.Exception.Message)" Error DattoRMM -LogToEvent } } } # 7) Save a copy of installer to C:\Temp if ($SaveCopy) { try { $dlUrl = "https://zinfandel.centrastage.net/csm/profile/downloadAgent/$SiteUID" $path = "C:\Temp\AgentInstall.exe" if (-not (Test-Path 'C:\Temp')) { New-Item -Path 'C:\Temp' -ItemType Directory | Out-Null } Invoke-WebRequest -Uri $dlUrl -OutFile $path -UseBasicParsing Write-LogHybrid "Saved installer copy to $path." Info DattoRMM -LogToEvent } catch { Write-LogHybrid "Save-copy failed: $($_.Exception.Message)" Error DattoRMM -LogToEvent } } # 8) Warn if no action was taken if (-not ($PushSiteVars -or $InstallRMM -or $SaveCopy)) { Write-LogHybrid "No action specified. Use -FetchSites, -SaveSitesList, -PushSiteVars, -InstallRMM, or -SaveCopy." Warning DattoRMM -LogToEvent } } #endregion Install-DattoRMM #region Dispatch-Request # Sends the HTML for a given page or invokes a task handler function Dispatch-Request { param($Context) # figure out the path $path = $Context.Request.Url.AbsolutePath.TrimStart('/') # ---- Shutdown handler ---- if ($path -eq 'quit') { Write-LogHybrid "Shutdown requested" "Info" "Server" -LogToEvent Respond-Text $Context "Server shutting down." # stop the listener loop $Global:Listener.Stop() return } # ---- Fetch Sites endpoint ---- if ($Context.Request.HttpMethod -eq 'POST' -and $path -eq 'getpw') { Handle-FetchSites $Context return } # ---- Serve UI pages ---- if ($path -in @('', 'onboard', 'offboard', 'tweaks', 'SVSApps')) { $page = if ($path -eq '') { 'onboard' } else { $path } $html = Get-UIHtml -Page $page Respond-HTML $Context $html return } # ---- Task invocation ---- $task = $Global:Tasks | Where-Object Name -EQ $path if ($task) { & $task.HandlerFn $Context return } # ---- 404 ---- $Context.Response.StatusCode = 404 Respond-Text $Context '404 - Not Found' } #endregion Dispatch-Request #region EntryPoint: Define Invoke-ScriptMonkey # ───────────────────────────────────────────────────────────────────────── # 3) MAIN LOGIC (Toolkit vs DattoFetch vs DattoInstall vs UI) # ───────────────────────────────────────────────────────────────────────── switch ($PSCmdlet.ParameterSetName) { 'Toolkit' { Write-LogHybrid "Toolkit-only mode" Info Startup -LogToEvent Install-SVSMSP -InstallToolkit return } 'Cleanup' { Write-LogHybrid "Running Toolkit cleanup mode" Info Startup -LogToEvent Install-SVSMSP -Cleanup return } # ─────────────────────────────────────────────────────────── # 2) If user only wants the site list, do that and exit # ─────────────────────────────────────────────────────────── 'DattoFetch' { Write-LogHybrid "Fetching site list only…" Info DattoAuth -LogToEvent $sites = Install-DattoRMM ` -UseWebhook ` -WebhookPassword $WebhookPassword ` -FetchSites ` -SaveSitesList:$SaveSitesList ` -OutputFile $OutputFile Write-LogHybrid "Done." Success DattoAuth -LogToEvent return } # ──────────────────────────────────────────── # 3) Invoke the existing Install-DattoRMM cmdlet # ──────────────────────────────────────────── 'DattoInstall' { Write-LogHybrid "Headless DattoRMM deploy" Info DattoAuth -LogToEvent if ($PSCmdlet.ShouldProcess("Datto site '$SiteName'", "Headless install")) { Install-DattoRMM ` -UseWebhook ` -WebhookPassword $WebhookPassword ` -SiteUID $SiteUID ` -SiteName $SiteName ` -PushSiteVars:$PushSiteVars ` -InstallRMM:$InstallRMM ` -SaveCopy:$SaveCopy } return } 'UI' { Write-LogHybrid "Starting ScriptMonkey UI on http://localhost:$Port/" Info Startup Start-Process "msedge.exe" -ArgumentList "--app=http://localhost:$Port" Start-Server # blocks until you click Exit return } } #endregion EntryPoint: Define Invoke-ScriptMonkey #region — guarantee NuGet provider is present without prompting # ─── Top of script ─── Import-Module PackageManagement -Force -ErrorAction SilentlyContinue | Out-Null Import-Module PowerShellGet -Force -ErrorAction SilentlyContinue | Out-Null # ─── ensure TLS 1.2 + no prompts ─── [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 $ProgressPreference = 'SilentlyContinue' $ConfirmPreference = 'None' # check if NuGet exists (no output—assigned to $nuget) $nuget = Get-PackageProvider -Name NuGet -ListAvailable -ErrorAction SilentlyContinue if (-not $nuget) { # install it (again, assignment suppresses the table) Install-PackageProvider ` -Name NuGet ` -MinimumVersion 2.8.5.201 ` -Force ` -Confirm:$false # re-query just for version info $found = Get-PackageProvider -Name NuGet -ListAvailable Write-LogHybrid "Installed NuGet provider v$($found.Version)" Info Bootstrap -LogToEvent } else { Write-LogHybrid "NuGet provider already present (v$($found.Version))" Info Bootstrap -LogToEvent } # now import it silently Import-PackageProvider -Name NuGet -Force -ErrorAction SilentlyContinue | Out-Null # ensure trust PSGallery without its own output (so you don't get “untrusted repository” prompt $gallery = Get-PSRepository -Name PSGallery -ErrorAction SilentlyContinue if ($gallery.InstallationPolicy -ne 'Trusted') { Set-PSRepository ` -Name PSGallery ` -InstallationPolicy Trusted ` -ErrorAction SilentlyContinue | Out-Null Write-LogHybrid "PSGallery marked as Trusted" Info Bootstrap -LogToEvent } #endregion #region HTTP Listener & Routing # Handle shutdown command if ($path -eq 'quit') { Write-LogHybrid "Shutdown requested" "Info" "Server" Respond-Text $Context "Server shutting down." # This will break out of the while loop in Start-Server $Global:Listener.Stop() return } #endregion } # End function Invoke-ScriptMonkey if ($MyInvocation.InvocationName -eq '.') { # dot-sourced, don't invoke } elseif ($PSCommandPath) { # script was saved and run directly Invoke-ScriptMonkey @PSBoundParameters } else { # iwr | iex fallback if ($args.Count -gt 0) { # Convert -Param value -Switch into a hashtable for splatting $namedArgs = @{} for ($i = 0; $i -lt $args.Count; $i++) { if ($args[$i] -is [string] -and $args[$i].StartsWith('-')) { $key = $args[$i].TrimStart('-') $next = $args[$i + 1] if ($next -and ($next -notlike '-*')) { $namedArgs[$key] = $next $i++ # Skip next one, it's the value } else { $namedArgs[$key] = $true } } } Invoke-ScriptMonkey @namedArgs } else { Invoke-ScriptMonkey } }