Public/Invoke-Shutdown.ps1

#Requires -Module CimCmdlets
#Requires -RunAsAdministrator
function global:Invoke-Shutdown
{
    <#
        .EXTERNALHELP HelperFunctions.psm1-Help.xml
    #>

    
    [CmdletBinding(SupportsShouldProcess = $true)]
    [OutputType([int])]
    param
    (
        [Parameter(Mandatory = $true,
                 ValueFromPipeline = $true,
                 ValueFromPipelineByPropertyName = $true,
                 HelpMessage = 'Provide the FQDN of the computer you wish to shut down')]
        [Alias ('CN', 'Computer', 'ServerName', 'Server', 'IP')]
        [ValidateScript({
                $ComputerName | ForEach-Object {
                    if ((Test-NetConnection -ComputerName $_ -CommonTCPPort WINRM -ErrorAction SilentlyContinue).TcpTestSucceeded -eq $true)
                    {
                        return $true
                    }
                    else
                    {
                        Write-Error "Cannot connect to $_."
                    }
                }
            })]
        [ValidateNotNullOrEmpty()]
        [string[]]$ComputerName = $env:COMPUTERNAME,
        [Parameter(Mandatory = $true,
                 HelpMessage = 'Select the Shutdown Type.')]
        [ValidateSet('Logoff', 'Shutdown', 'Reboot', 'PowerOff')]
        [string]$ShutdownType,
        [Parameter(Mandatory = $false,
                 HelpMessage = 'Add this switch to force a reboot or shutdown or logoff')]
        [switch]$Force,
        [Parameter(Mandatory = $false,
                 HelpMessage = 'Enter the $Timeout value in seconds')]
        [uint32]$Wait,
        [Parameter(Mandatory = $false,
                 HelpMessage = 'Enter the reason for this action')]
        [Alias('Message')]
        [string]$Comment = "A remote shutdown was initiated by $([Environment]::UserName).",
        [Parameter(Mandatory = $true,
                 HelpMessage = 'Enter a valued value from within the NOTES section')]
        [ShutDown_MajorReason]$MajorReasonCode,
        [Parameter(Mandatory = $true,
                 HelpMessage = 'Enter the Minor value from the NOTES section')]
        [ShutDown_MinorReason]$MinorReasonCode,
        [Parameter(Mandatory = $false,
                 HelpMessage = 'Select this switch if this was an unplanned action')]
        [switch]$Unplanned,
        [Parameter(Mandatory = $false,
                 HelpMessage = 'Specify administrator credentials for the computer.')]
        [System.Management.Automation.PsCredential]$Credential
    )
    
    begin
    {
        $Error.Clear()
        $ns = 'root\CIMv2'
        # Enable TLS 1.2 and 1.3
        try
        {
            #https://docs.microsoft.com/en-us/dotnet/api/system.net.securityprotocoltype?view=netcore-2.0#System_Net_SecurityProtocolType_SystemDefault
            if ($PSVersionTable.PSVersion.Major -lt 6 -and [Net.ServicePointManager]::SecurityProtocol -notmatch 'Tls12')
            {
                Write-Verbose -Message 'Adding support for TLS 1.2'
                [Net.ServicePointManager]::SecurityProtocol += [Net.SecurityProtocolType]::Tls12
            }
        }
        catch
        {
            Write-Warning -Message 'Adding TLS 1.2 to supported security protocols was unsuccessful.'
        }
        
        $localComputer = Get-CimInstance -ClassName CIM_ComputerSystem -Namespace 'root\CIMv2' -ErrorAction SilentlyContinue
        $thisHost = "{0}.{1}" -f $localComputer.Name, $localComputer.Domain
        
        if (($localComputer.Caption -match "Windows 11") -eq $true)
        {
            try
            {
                #https://docs.microsoft.com/en-us/dotnet/api/system.net.securityprotocoltype?view=netcore-2.0#System_Net_SecurityProtocolType_SystemDefault
                if ($PSVersionTable.PSVersion.Major -lt 6 -and [Net.ServicePointManager]::SecurityProtocol -notmatch 'Tls13')
                {
                    Write-Verbose -Message 'Adding support for TLS 1.3'
                    [Net.ServicePointManager]::SecurityProtocol += [Net.SecurityProtocolType]::Tls13
                }
            }
            catch
            {
                Write-Warning -Message 'Adding TLS 1.3 to supported security protocols was unsuccessful.'
            }
        }
        elseif (($localComputer.Caption -match "Server 2022") -eq $true)
        {
            try
            {
                #https://docs.microsoft.com/en-us/dotnet/api/system.net.securityprotocoltype?view=netcore-2.0#System_Net_SecurityProtocolType_SystemDefault
                if ($PSVersionTable.PSVersion.Major -lt 6 -and [Net.ServicePointManager]::SecurityProtocol -notmatch 'Tls13')
                {
                    Write-Verbose -Message 'Adding support for TLS 1.3'
                    [Net.ServicePointManager]::SecurityProtocol += [Net.SecurityProtocolType]::Tls13
                }
            }
            catch
            {
                Write-Warning -Message 'Adding TLS 1.3 to supported security protocols was unsuccessful.'
            }
        }
        
        if ($PSBoundParameters.ContainsKey('ComputerName') -and ($PSBoundParameters["ComputerName"] -ne $null) -and ($PSBoundParameters["ComputerName"].Count -gt 1))
        {
            $ComputerName = $ComputerName -split (",")
        }
        elseif ($PSBoundParameters.ContainsKey('ComputerName') -and ($PSBoundParameters["ComputerName"] -ne $null) -and ($PSBoundParameters["ComputerName"].Count -eq 1))
        {
            $ComputerName = $PSBoundParameters["ComputerName"]
        }
        
        if ($PSBoundParameters.ContainsKey('Force'))
        {
            $Flags = ([ShutDownType]$ShutdownType).value__ + 4
        }
        else
        {
            $Flags = ([ShutDownType]$ShutdownType).value__
        }
        
        $PlannedReasonCode = (0x80000000) * -1
        if ($PSBoundParameters.ContainsKey('Unplanned'))
        {
            $ReasonCode = $MajorReasonCode.value__ + $MinorReasonCode.value__
        }
        else
        {
            $ReasonCode = $MajorReasonCode.value__ + $MinorReasonCode.value__ + $PlannedReasonCode
        }
        
        $params = @{
            Flags     = $Flags
            Comment    = $Comment
            ReasonCode = $ReasonCode
        }
        
        if ($PSBoundParameters.ContainsKey("Wait"))
        {
            $params.Add("Timeout", $Wait)
        }
        else
        {
            $params.Add("Timeout", [uint32]30)
        }
        
    }
    process
    {
        foreach ($computer in $ComputerName)
        {
            try
            {
                Write-Verbose ("Testing Connection to {0}..." -f $computer)
                
                $tcParams = @{
                    ComputerName = $computer
                    Count       = 1
                    Quiet       = $true
                }
                
                if (($PSBoundParameters.ContainsKey("Credential")) -and ($null -ne $PSBoundParameters["Credential"])) { $tcParams.Add("Credential", $Credential) }
                if ((Test-Connection @tcParams) -eq $true)
                {
                    
                    if ($computer -eq ([System.Net.Dns]::GetHostByName("LocalHost").HostName))
                    {
                        try
                        {
                            try
                            {
                                $osParams = @{
                                    Class             = "Win32_OperatingSystem"
                                    Namespace             = $ns
                                    EnableAllPrivileges = $true
                                    ErrorAction         = 'Stop'
                                }
                                
                                if (($PSBoundParameters.ContainsKey("Credential")) -and ($null -ne $PSBoundParameters["Credential"])) { $osParams.Add("Credential", $Credential) }
                                $OS = Get-WmiObject $osParams
                                if ($PSCmdlet.ShouldProcess($computer, "Execute shutdown/reboot process on $($computer)"))
                                {
                                    $result = $OS.Win32ShutdownTracker($Timeout, $Comment, $ReasonCode, $Flags)
                                }
                                
                            }
                            catch
                            {
                                $errorMessage = "{0}: {1}" -f $Error[0], $Error[0].InvocationInfo.PositionMessage
                                Write-Error $errorMessage -ErrorAction Continue
                            }
                            
                            if ($PSBoundParameters.ContainsKey('Verbose'))
                            {
                                switch ($result.ReturnValue)
                                {
                                    
                                    0 {
                                        Write-Verbose "$($MyInvocation.InvocationName) on $computer processed successfully."
                                    }
                                    1190 {
                                        Write-Verbose "$($MyInvocation.InvocationName) on $computer returned error code 1190. A system shutdown has already been scheduled."
                                    }
                                    1191 {
                                        Write-Verbose "$($MyInvocation.InvocationName) on $computer returned error code 1191. A user is still logged into the system. Use the -Force parameter if necessary."
                                    }
                                    default {
                                        Write-Verbose "$($MyInvocation.InvocationName) on $computer returned error code $result. System Error Codes can be found here: https://learn.microsoft.com/en-us/windows/win32/debug/system-error-codes"
                                    }
                                    
                                }
                            }
                            
                            return $result.ReturnValue
                        }
                        catch
                        {
                            $errorMessage = "{0}: {1}" -f $Error[0], $Error[0].InvocationInfo.PositionMessage
                            Write-Error $errorMessage -ErrorAction Continue
                        }
                    }
                    else
                    {
                        try
                        {
                            if (($PSBoundParameters.ContainsKey('Credential')) -and ($null -ne $PSBoundParameters["Credential"]))
                            {
                                $session = New-CimSession -ComputerName $computer -Credential $Credential -Authentication Negotiate -SkipTestConnection -ErrorAction Stop
                            }
                            else
                            {
                                $session = New-CimSession -ComputerName $computer -SkipTestConnection -ErrorAction Stop
                            }
                            
                        }
                        catch
                        {
                            try
                            {
                                Write-Information ("Unable to connect to {0} using WSMan, attempting to use DCOM protocol instead" -f $computer)
                                if (($PSBoundParameters.ContainsKey('Credential')) -and ($null -ne $PSBoundParameters["Credential"]))
                                {
                                    $session = New-CimSession -ComputerName $computer -Credential $Credential -Authentication Negotiate -SessionOption (New-CimSessionOption -Protocol Dcom) -SkipTestConnection -ErrorAction Stop
                                }
                                else
                                {
                                    $session = New-CimSession -ComputerName $computer -SessionOption (New-CimSessionOption -Protocol Dcom) -SkipTestConnection -ErrorAction Stop
                                }
                            }
                            catch
                            {
                                $errorMessage = "Unable to connect to {0} with WSMan or DCOM protocols" -f $computer
                                Write-Error -Message $errorMessage -ErrorAction Continue
                            }
                        }
                        
                        if ($null -ne $session.Name)
                        {
                            try
                            {
                                $OS = Get-CimInstance -ClassName Win32_OperatingSystem -Namespace $ns -CimSession $session -ErrorAction Stop
                                
                                if ($PSCmdlet.ShouldProcess($computer, "Execute shutdown method on $($computer)"))
                                {
                                    if ($PSBoundParameters.ContainsKey('Force'))
                                    {
                                        Invoke-CimMethod -CimInstance $OS -MethodName Win32ShutdownTracker -Arguments $params -CimSession $session
                                        if ($? -eq $true)
                                        {
                                            $result = "0"
                                            if ($result -eq 0)
                                            {
                                                [PSCustomObject]@{
                                                    ComputerName = $computer
                                                    ShutdownType = $ShutdownType
                                                    ReasonCode   = "$($MajorReasonCode): $MinorReasonCode"
                                                    CommandSuccessful = $true
                                                }
                                            }
                                        }
                                    }
                                    else
                                    {
                                        $result = (Invoke-CimMethod -CimInstance $OS -MethodName Win32ShutdownTracker -Arguments $params -CimSession $session).ReturnValue
                                        if ($result -eq 0)
                                        {
                                            [PSCustomObject]@{
                                                ComputerName = $computer
                                                ShutdownType = $ShutdownType
                                                ReasonCode   = "$($MajorReasonCode): $MinorReasonCode"
                                                CommandSuccessful = $true
                                            }
                                        }
                                    }
                                }
                                
                            }
                            catch
                            {
                                $errorMessage = "{0}: {1}" -f $Error[0], $Error[0].InvocationInfo.PositionMessage
                                Write-Error $errorMessage -ErrorAction Continue
                            }
                            
                            Remove-CimSession -CimSession $session
                        }
                        
                    }
                    
                }
                else
                {
                    Write-Error ("{0} is not currently available. No shutdown request processed" -f $computer) -Category ConnectionError -ErrorVariable +connectionErrors
                    return -1
                }
                
            }
            catch [System.Management.Automation.MethodInvocationException]
            {
                
                Write-Verbose "Generic Failure may be caused if 'ShutdownType' of 'Logoff' was used and no users were logged in at the time."
                Write-Error $_
                return -2
                
            }
            catch
            {
                
                Write-Verbose "Error Type is $($_.Exception.GetType().FullName)"
                Write-Error $_
                return -256
                
            }
            
        }
        
    }
    end
    {
        Write-Verbose ("Invoke-Shutdown processing complete. There were {0} connection errors." -f $connectionErrors.Count)
    }
} #end Invoke-Shutdown