DSCResources/DSC_ExchAntiMalwareScanning/DSC_ExchAntiMalwareScanning.psm1
function Get-TargetResource { [Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSDSCUseVerboseMessageInDSCResource", "")] [CmdletBinding()] [OutputType([System.Collections.Hashtable])] param ( [Parameter(Mandatory = $true)] [System.Boolean] $Enabled, [Parameter(Mandatory = $true)] [System.Management.Automation.PSCredential] [System.Management.Automation.Credential()] $Credential, [Parameter()] [System.Boolean] $AllowServiceRestart = $false ) Write-FunctionEntry -Parameters @{ 'Enabled' = $Enabled } -Verbose:$VerbosePreference # Establish remote PowerShell session Get-RemoteExchangeSession -Credential $Credential -CommandsToLoad 'Get-TransportAgent' -Verbose:$VerbosePreference $agent = Get-TransportAgent -Identity "Malware Agent" if ($null -ne $agent) { $returnValue = @{ Enabled = [System.Boolean] $agent.Enabled } } $returnValue } function Set-TargetResource { [Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSDSCUseVerboseMessageInDSCResource", "")] [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [System.Boolean] $Enabled, [Parameter(Mandatory = $true)] [System.Management.Automation.PSCredential] [System.Management.Automation.Credential()] $Credential, [Parameter()] [System.Boolean] $AllowServiceRestart = $false ) Write-FunctionEntry -Parameters @{ 'Enabled' = $Enabled } -Verbose:$VerbosePreference $exScriptsRoot = Join-Path -Path ((Get-ItemProperty HKLM:\SOFTWARE\Microsoft\ExchangeServer\v15\Setup).MsiInstallPath) -ChildPath 'Scripts' if ($Enabled -eq $true) { $antiMalwareScriptPath = Join-Path -Path $exScriptsRoot -ChildPath 'Enable-AntimalwareScanning.ps1' } else { $antiMalwareScriptPath = Join-Path -Path $exScriptsRoot -ChildPath 'Disable-AntimalwareScanning.ps1' } # Override Write-Host, as it is used by the target scripts, and causes a DSC error since the session is not interactive New-Alias Write-Host Write-Verbose $antiMalwareScriptParams = @{} if ($AllowServiceRestart -eq $true) { $antiMalwareScriptParams.Add('ForceRestart', $true) } else { Write-Warning -Message 'The configuration will not take effect until the MSExchangeTransport service is manually restarted.' } $snapinsToRemove = @('Microsoft.Exchange.Management.Powershell.E2010', 'Microsoft.Forefront.Filtering.Management.PowerShell') Invoke-DotSourcedScript ` -ScriptPath $antiMalwareScriptPath ` -ScriptParams $antiMalwareScriptParams ` -SnapinsToRemove $snapinsToRemove ` -Verbose:$VerbosePreference Remove-Item Alias:Write-Host } function Test-TargetResource { [Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSDSCUseVerboseMessageInDSCResource", "")] [CmdletBinding()] [OutputType([System.Boolean])] param ( [Parameter(Mandatory = $true)] [System.Boolean] $Enabled, [Parameter(Mandatory = $true)] [System.Management.Automation.PSCredential] [System.Management.Automation.Credential()] $Credential, [Parameter()] [System.Boolean] $AllowServiceRestart = $false ) Write-FunctionEntry -Parameters @{ 'Enabled' = $Enabled } -Verbose:$VerbosePreference $agentStatus = Get-TargetResource @PSBoundParameters $testResults = $true if ($null -eq $agentStatus -or $null -eq $agentStatus.Enabled) { Write-Verbose -Message 'Unable to retrieve AntiMalware Agent Status for server' $testResults = $false } else { if (!(Test-ExchangeSetting -Name 'Enabled' -Type 'Boolean' -ExpectedValue $Enabled -ActualValue $agentStatus.Enabled -PSBoundParametersIn $PSBoundParameters -Verbose:$VerbosePreference)) { $testResults = $false } } return $testResults } Export-ModuleMember -Function *-TargetResource |