Public/Network/Security/Send-WolProxyRequest.ps1

#Requires -Version 3
function Send-WolProxyRequest {

  <#
.NOTES
    Created on: 5/21/2014 1:33 PM
    Created by: Adam Bertram
    Filename: Send-WolProxyRequest.ps1
    General Requirements: Read access to a System Center Configuration Manager database
    Requirements:
        Wake On LAN Command Line Utility (http://www.depicus.com/wake-on-lan/wake-on-lan-cmd.aspx)
    Todos:
        Remove the dependency on wolcmd.exe. Use the Net.Sockets.UdpClient object instead.
        Speed this up by using jobs
.DESCRIPTION
    This script is designed to send a WOL magic packet to a specified computer. If the specified computer is not
    on the same network as the originatnating computer, it will attempt to find a "proxy" Windows computer to
    initiate the WOL send. This gets around traditional network multicasting requirements.

    This script currently requires access to a System Center Configuration Manager database. This
    script uses it to find the various network information about the specified computer to wake.

    This script uses a text file to store known good candidates to be used as WOL proxies. It can either
    be prepopulated with Windows PCs or as you use this script more the script will populate it with
    all of the WOL proxies it picks as to speed up the selection process.
.EXAMPLE
    .\Send-WolProxyRequest.ps1 -Computername COMPUTERNAME
.EXAMPLE
    .\Send-WolProxyRequest.ps1 -Computername COMPUTERNAME -UsePsRemoting
.PARAMETER Computername
     This computer name that you'd like to attempt to wake up.
.PARAMETER ConfigMgrSite
    The site code of your ConfigMgr site
.PARAMETER ConfigMgrSiteServer
    The computer name of your ConfigMgr site server hosting your database
.PARAMETER WolCmdFilePath
    The file path where the wolcmd.exe utility is located
.PARAMETER UsePsRemoting
    Use this switch if you'd like to use Powershell remoting to kick off the WOL attempt on the WOL proxy
    rather than using WMI to initiate the remote process
.PARAMETER KnownGoodWolProxyHostsFilePath
    The file path to the text file that contains any Windows computers that were previously
    found to be suitable WOL proxies.
#>

  [CmdletBinding()]
  param (
    [Parameter(Mandatory = $True, ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)]
    [string]$Computername,

    [Parameter(Mandatory = $False, ValueFromPipeline = $False, ValueFromPipelineByPropertyName = $False)]
    [string]$ConfigMgrSite = 'UHP',

    [Parameter(Mandatory = $False, ValueFromPipeline = $False, ValueFromPipelineByPropertyName = $False)]
    [ValidateScript({ Test-Connection $_ -Quiet -Count 1 })]
    [string]$ConfigMgrSiteServer = 'CONFIGMANAGER',

    [Parameter(Mandatory = $False, ValueFromPipeline = $False, ValueFromPipelineByPropertyName = $False)]
    [ValidateScript({ Test-Path $_ })]
    [string]$WolCmdFilePath = 'wolcmd.exe',

    [Parameter(Mandatory = $False, ValueFromPipeline = $False, ValueFromPipelineByPropertyName = $False)]
    [switch]$UsePsRemoting = $false,

    [Parameter(Mandatory = $False, ValueFromPipeline = $False, ValueFromPipelineByPropertyName = $False)]
    [string]$KnownGoodWolProxyHostsFilePath = "$($env:USERPROFILE)\desktop\KnownGoodWolProxies.txt"
  )

  begin {

    function ConvertTo-DecimalIP {
      <#
        .Synopsis
          Converts a Decimal IP address into a 32-bit unsigned integer.
        .Description
          ConvertTo-DecimalIP takes a decimal IP, uses a shift-like operation on each octet and returns a single UInt32 value.
        http://www.indented.co.uk/2010/01/23/powershell-subnet-math/
        .Parameter IPAddress
          An IP Address to convert.
      #>


      [CmdLetBinding()]
      param (
        [Parameter(Mandatory = $true, Position = 0, ValueFromPipeline = $true)]
        [Net.IPAddress]$IPAddress
      )

      process {
        $i = 3; $DecimalIP = 0;
        $IPAddress.GetAddressBytes() | ForEach-Object { $DecimalIP += $_ * [Math]::Pow(256, $i); $i-- }

        return [UInt32]$DecimalIP
      }
    }

    function ConvertTo-DottedDecimalIP {
      <#
        .Synopsis
          Returns a dotted decimal IP address from either an unsigned 32-bit integer or a dotted binary string.
        .Description
          ConvertTo-DottedDecimalIP uses a regular expression match on the input string to convert to an IP address.
        http://www.indented.co.uk/2010/01/23/powershell-subnet-math/
        .Parameter IPAddress
          A string representation of an IP address from either UInt32 or dotted binary.
      #>


      [CmdLetBinding()]
      param (
        [Parameter(Mandatory = $true, Position = 0, ValueFromPipeline = $true)]
        [String]$IPAddress
      )

      process {
        Switch -RegEx ($IPAddress) {
          "([01]{8}.){3}[01]{8}" {
            return [String]::Join('.', $($IPAddress.Split('.') | ForEach-Object { [Convert]::ToUInt32($_, 2) }))
          }
          "\d" {
            $IPAddress = [UInt32]$IPAddress
            $DottedIP = $(For ($i = 3; $i -gt -1; $i--) {
                $Remainder = $IPAddress % [Math]::Pow(256, $i)
                        ($IPAddress - $Remainder) / [Math]::Pow(256, $i)
                $IPAddress = $Remainder
              })

            return [String]::Join('.', $DottedIP)
          }
          default {
            Write-Error "Cannot convert this format"
          }
        }
      }
    }

    function Get-NetworkAddress {
      <#
        .Synopsis
          Takes an IP address and subnet mask then calculates the network address for the range.
        .Description
          Get-NetworkAddress returns the network address for a subnet by performing a bitwise AND
          operation against the decimal forms of the IP address and subnet mask. Get-NetworkAddress
          expects both the IP address and subnet mask in dotted decimal format.
        http://www.indented.co.uk/2010/01/23/powershell-subnet-math/
        .Parameter IPAddress
          Any IP address within the network range.
        .Parameter SubnetMask
          The subnet mask for the network.
          #>


      [CmdLetBinding()]
      param (
        [Parameter(Mandatory = $true, Position = 0, ValueFromPipeline = $true)]
        [Net.IPAddress]$IPAddress,

        [Parameter(Mandatory = $true, Position = 1)]
        [Alias("Mask")]
        [Net.IPAddress]$SubnetMask
      )

      process {
        [pscustomobject]@{ 'NetworkAddress' = (ConvertTo-DottedDecimalIP ((ConvertTo-DecimalIP $IPAddress) -band (ConvertTo-DecimalIP $SubnetMask))) }
      }
    }

    function ConvertTo-Mask {
      <#
        .Synopsis
          Returns a dotted decimal subnet mask from a mask length.
        .Description
          ConvertTo-Mask returns a subnet mask in dotted decimal format from an integer value ranging
          between 0 and 32. ConvertTo-Mask first creates a binary string from the length, converts
          that to an unsigned 32-bit integer then calls ConvertTo-DottedDecimalIP to complete the operation.
        .Parameter MaskLength
          The number of bits which must be masked.
      #>


      [CmdLetBinding()]
      param (
        [Parameter(Mandatory = $true, Position = 0, ValueFromPipeline = $true)]
        [Alias("Length")]
        [ValidateRange(0, 32)]
        $MaskLength
      )

      Process {
        return ConvertTo-DottedDecimalIP ([Convert]::ToUInt32($(("1" * $MaskLength).PadRight(32, "0")), 2))
      }
    }

    function Get-NetworkRange([String]$IP, [String]$Mask) {
      if ($IP.Contains("/")) {
        $Temp = $IP.Split("/")
        $IP = $Temp[0]
        $Mask = $Temp[1]
      }

      if (!$Mask.Contains(".")) {
        $Mask = ConvertTo-Mask $Mask
      }

      $DecimalIP = ConvertTo-DecimalIP $IP
      $DecimalMask = ConvertTo-DecimalIP $Mask

      $Network = $DecimalIP -band $DecimalMask
      $Broadcast = $DecimalIP -bor ((-bnot $DecimalMask) -band [UInt32]::MaxValue)

      for ($i = $($Network + 1); $i -lt $Broadcast; $i++) {
        ConvertTo-DottedDecimalIP $i
      }
    }

    function Get-OfflineComputerNetworkInformation ($Computername) {
      $WmiQuery = "SELECT DISTINCT *
        FROM SMS_R_System AS sys
        JOIN SMS_G_System_NETWORK_ADAPTER_CONFIGURATION AS net ON net.ResourceID = sys.ResourceID
        WHERE sys.Name = '$ComputerName' AND
        net.IPAddress IS NOT NULL"


      $WmiParams = @{
        'ComputerName' = $ConfigMgrSiteServer
        'Namespace'    = "root\sms\site_$ConfigMgrSite"
        'Query'        = $WmiQuery
      }

      ## Query all network interfaces on the local machine and parse out IP address, subnet mask and the MAC
      Write-Verbose "Querying site server '$ConfigMgrSiteServer' with query '$WmiQuery'"
      try {
        $Output = @{ }
        $NetworkInfo = Get-WmiObject @WmiParams
        if (!$NetworkInfo) {
          throw "Computer '$Computername' could not be found in the SCCM database"
        } else {
          $NetworkInfo | ForEach-Object {
            $Output.IPAddress = [string]([regex]'\b(?:\d{1,3}\.){3}\d{1,3}\b').Matches($_.net.IPAddress)
            $Output.SubnetMask = [string]([regex]'\b(?:\d{1,3}\.){3}\d{1,3}\b').Matches($_.net.IPSubnet)
            $Output.MACAddress = [string](($_.net.MACAddress.replace(":", "")).replace("-", "")).replace(".", "")
          }
        }
        [pscustomobject]$Output
      } catch {
        Write-Error $_.Exception.Message
      }
    }

    function Get-LocalIpNetwork {
      Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter "IPEnabled = 'True'" | Where-Object { $_.IPAddress -and $_.IPSubnet } | ForEach-Object {
        [pscustomobject]@{ 'LocalIPNetwork' = (Get-NetworkAddress -IPAddress $_.IPAddress[0] -SubnetMask $_.IPSubnet[0]) }
      }
    }

    function Test-Ping {
      param ($ComputerName)
      try {
        $oPing = New-Object system.net.networkinformation.ping;
        if (($oPing.Send($ComputerName, 200).Status -eq 'TimedOut')) {
          $false
        } else {
          $true
        }
      } catch [System.Exception] {
        $false
      }##endtry
    }

    function Test-Wmi ($IpAddress) {
      try {
        $Result = ([WMICLASS]"\\$IpAddress\Root\CIMV2:Win32_Process").create("hostname")
        if ($Result.ReturnValue -eq 0) {
          $true
        } else {
          $false
        }
      } catch {
        $false
      }
    }

    function Validate-IsValidHost ($IpAddress) {
      try {
        Write-Verbose "Testing $IpAddress Ping"
        if (Test-Ping -ComputerName $IpAddress) {
          Write-Verbose "Testing $IpAddress Ping - Success"
          ## Assume if the C$ share is available, it's a Windows computer we can
          ## copy the wolcmd utility to and run. This could be better.
          Write-Verbose "Testing $IpAddress SMB share file copy and removal"
          ## Create a temp text file and try to copy it over to test access
          $TestFilePath = "$($env:SystemDrive)\testcopy.txt"
          Add-Content -Path $TestFilePath -Value '' -Force
          Copy-Item -Path $TestFilePath -Destination "\\$IpAddress\c$" -Force
          Remove-Item -Path "\\$IpAddress\c$\testcopy.txt" -Force
          ## If it hasn't thrown an error yet then we've confirmed we can copy and delete a file from it
          Write-Verbose "Testing $IpAddress SMB share file copy and removal - Success"
          Write-Verbose "Testing $IpAddress remote WMI process creation"
          if (Test-Wmi -IpAddress $IpAddress) {
            Write-Verbose "Testing $IpAddress remote WMI process creation - Success"
            Write-Verbose "All tests passed. $IpAddress is a good WOL proxy"
            $true
          } else {
            throw 'Remote process could not be created with WMI'
          }
        } else {
          throw 'Host is offline'
        }
      } catch {
        Write-Warning "Test failed with error '$($_.Exception.Message)' for $IpAddress"
        $false
      }
    }

    function Get-WolProxy ($IpAddress, $SubnetMask) {
      ## Check if any known good WOL proxy exists before scanning all the IPs
      ## in that network
      $IpNetwork = Get-NetworkAddress -IPAddress $IpAddress -SubnetMask $SubnetMask
      $KnownGoodWolProxy = Get-KnownGoodWolProxy -IpNetwork $IpNetwork.NetworkAddress
      if ($KnownGoodWolProxy) {
        return $KnownGoodWolProxy
      } else {
        $HostIps = Get-NetworkRange -IP $IpAddress -Mask $SubnetMask
        foreach ($Ip in $HostIps) {
          Write-Verbose "Checking $Ip if good candidate for WOL proxy..."
          ## Check to see if our WOL proxy PC is online
          if (Validate-IsValidHost -IpAddress $Ip) {
            Write-Verbose "WOL Proxy found: $Ip"

            ## Add this computer to the known good proxy list for later
            New-KnownGoodWolProxy -HostProxy @{ 'IpAddress' = $Ip; 'SubnetMask' = $SubnetMask }

            return $Ip
          } else {
            Write-Verbose "IP address '$Ip' will not work as a WOL proxy"
          }
        }
        $false
      }
    }

    ## WOL proxy Windows hosts that are online and accessible
    function New-KnownGoodWolProxy {
      [Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSUseShouldProcessForStateChangingFunctions", "")]
      [CmdletBinding()]
      param (
        [hashtable]$HostProxy
      )
      if (!(Get-KnownGoodWolProxy $HostProxy.IpAddress)) {
        Write-Verbose "The '$($HostProxy.IpAddress)' host is not yet in the known good WOL proxy host file."
        ## Create IP network from IP address and subnet mask
        $IpNetwork = Get-NetworkAddress -IPAddress $HostProxy.IpAddress -SubnetMask $HostProxy.SubnetMask
        Write-Verbose "Adding IP Address: $($HostProxy.IpAddress) IP Network: $IpNetwork SubnetMask: $($HostProxy.SubnetMask) to known good WOL proxy host file"
        [pscustomobject]@{
          'IpAddress'  = $HostProxy.IpAddress;
          'IpNetwork'  = $IpNetwork.NetworkAddress;
          'SubnetMask' = $HostProxy.SubnetMask
        } | Export-Csv -Path $KnownGoodWolProxyHostsFilePath -Append -NoTypeInformation
      }
    }

    function Remove-KnownGoodWolProxy ($IpAddress) {
      $NewCsvContents = Import-Csv -Path $KnownGoodWolProxyHostsFilePath | Where-Object { $_.IpAddress -ne $IpAddress }
      ##TODO: This removes the row and headers if only 1 row exists
      $NewCsvContents | Export-Csv -Path $KnownGoodWolProxyHostsFilePath -NoTypeInformation
    }

    ## Searches the known good WOL proxy file for an accessible host in the IP network specified
    function Get-KnownGoodWolProxy ([string]$IpNetwork) {
      if (!(Test-Path $KnownGoodWolProxyHostsFilePath)) {
        Write-Verbose "Known good WOL proxy host file at '$KnownGoodWolProxyHostsFilePath' does not exist"
        $false
      } else {
        $Hosts = Import-Csv -Path $KnownGoodWolProxyHostsFilePath | Where-Object { $_.IpNetwork -eq $IpNetwork }
        if (!$Hosts) {
          Write-Verbose "No known good WOL proxy hosts found in IP network '$IpNetwork'"
          $false
        } else {
          $HostsOnNet = $Hosts | Where-Object { $_.IpNetwork -eq $IpNetwork }
          if ($HostsOnNet) {
            Write-Verbose "$(($HostsOnNet | Measure-Object -Sum -ea silentlycontinue).Count) (unknown accessibility) known good WOL proxy hosts found on IP network '$IpNetwork'"
            Write-Verbose 'Checking previously known good WOL proxy hosts if still usable'
            $AccessibleHost = $HostsOnNet | Where-Object { Validate-IsValidHost $_.IpAddress } | Select-Object -First 1 -ExpandProperty IpAddress
            if ($AccessibleHost) {
              Write-Verbose "Found hostname '$AccessibleHost' still to be a good WOL proxy host"
              $AccessibleHost
            } else {
              Remove-KnownGoodWolProxy -IpAddress $_.IpAddress
            }
          } else {
            Write-Verbose "No accessible, known good WOL proxy hosts on the '$IpNetwork' found"
          }
        }
      }
    }

    function Send-WolPacketLocally ($MacAddress, $IpNetwork, $SubnetMask) {
      & $WolCmdFilePath $MacAddress $IPNetwork $SubnetMask $WolUdpPort 2>&1> $null
    }

    function Invoke-WolProxy ($IpAddress, $OfflineMacAddress, $OfflineIpNetwork, $OfflineSubnetMask) {
      ## Remove the dependency on wolcmd.exe. Use the Net.Sockets.UdpClient object instead.
      ## Copy wolcmd to the remote proxy computer
      Write-Verbose "Copying $WolCmdFilePath to \\$IpAddress\c`$..."
      Copy-Item $WolCmdFilePath "\\$IpAddress\c$" -Force

      $WolCmdString = "C:\$($WolCmdFilePath | Split-Path -Leaf) $OfflineMacAddress $OfflineIPNetwork $OfflineSubnetMask $WolUdpPort"
      Write-Verbose "Initiating the string `"$WolCmdString`"..."
      Write-Verbose "Connecting to $IpAddress and attempting WOL proxy function via WMI RPC method..."
      $Result = ([WMICLASS]"\\$IpAddress\Root\CIMV2:Win32_Process").create($WolCmdString)
      if ($Result) {
        Write-Verbose "Waiting for process ID $($Result.ProcessID) on IP $IpAddress..."
        while (Get-Process -Id $Result.ProcessID -ComputerName $IpAddress -ErrorAction 'SilentlyContinue') {
          sleep 1
        }
        Write-Verbose "Process ID $($Result.ProcessID) has exited"
      } else {
        Write-Warning "Failed to initiate WMI process creation on '$IpAddress'. Exit code was '$($NewProcess.ReturnValue)'"
      }
      #}
      ## Cleanup all files copied to the proxy computer
      Write-Verbose 'Cleaning up file remnants on WOL proxy computer...'
      if (Test-Path "\\$IpAddress\c`$\$($WolCmdFilePath | Split-Path -Leaf)") {
        Remove-Item -Path "\\$IpAddress\c`$\$($WolCmdFilePath | Split-Path -Leaf)" -Force
      }
    }

    if (Test-Connection -ComputerName $Computername -Quiet -Count 1) {
      Write-Verbose -Message "The computer $Computername is already online"
      return
    }

    ## Find all of the IP/subnet masks on the local computer
    $LocalIPAddressNetworks = Get-LocalIpNetwork
    Write-Verbose "Found $($LocalIPAddressNetworks.Count) local IP networks"

    ## Common WOL UDP ports are 7 and 9
    $WolUdpPort = 9

    $OfflineComputerNetwork = Get-OfflineComputerNetworkInformation $Computername
  }
  process {
    try {
      ## TODO: Make this run in parallel by jobs of a foreach -parallel workflow loop
      foreach ($Network in $OfflineComputerNetwork) {
        Write-Verbose "Processing IP address $($Network.IPAddress)..."
        Write-Verbose "Checking the remote network to see if it's on any local IP network..."
        $RemoteIpNetwork = Get-NetworkAddress -IPAddress $Network.IpAddress -SubnetMask $Network.SubnetMask
        if ($LocalIPNetworks.LocalIPNetwork -contains $RemoteIpNetwork.NetworkAddress) {
          Write-Verbose 'IP found to be on local subnet. No WOL proxy needed. Sending WOL directly to the intended machine...'
          Send-WolPacketLocally -MacAddress $Network.MacAddress -IpNetwork $RemoteIpNetwork.NetworkAddress -SubnetMask $Network.SubnetMask
        } else {
          Write-Verbose 'IP not found to be on local subnet. Getting WOL proxy computer...'
          $WolProxy = Get-WolProxy -IpAddress $Network.IPAddress -SubnetMask $Network.SubnetMask
          if (!$WolProxy) {
            Write-Warning "Unable to find a WOL proxy for '$Computername'"
          } else {
            Invoke-WolProxy -OfflineIpNetwork $RemoteIpNetwork.NetworkAddress -OfflineMacAddress $Network.MacAddress -OfflineSubnetMask $Network.SubnetMask -IpAddress $WolProxy
          }
        }
      }
    } catch {
      Write-Error $_.Exception.Message
    }
  }
}