
Восстановление подключения агента к серверу управления



Скрипт:

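<#
.SYNOPSIS
    Re-points the Kaspersky Network Agent (klnagent) at the intended Administration Server.

.DESCRIPTION
    Reads two values from the KasperskyLab registry hive (HKLM, so only administrators /
    GPO can influence them):
      * Target_Protection_AdmServer - the server this host *should* report to (pushed by GPO);
      * Protection_AdmServer        - the server the agent is *currently* registered with.
    Then decides whether to run klmover.exe:
      1. A target server is configured, differs from the current one and answers on the
         agent port -> move the agent to the target.
      2. Otherwise, the current server answers on the agent port but klnagchk.exe reports a
         failure -> re-register the agent with the current server.
    Designed to run unattended (scheduled task as SYSTEM); every step is best-effort and
    errors are reported as warnings rather than thrown.

.NOTES
    Fixes vs. the earlier version: klmover.exe is now given the server actually chosen
    ($KLMoveTo) instead of always Target_Protection_AdmServer, which produced an empty
    "-address" when only case 2 applied; a pending move to the target is no longer
    overridden by case 2; agent binaries are never executed from a relative path when
    InstallDir is missing from the registry.
#>

# TCP port on which the Administration Server accepts agent connections. 13000 is the
# default; change it here if the server was deployed with a non-default port.
$AdmServerPort = 13000

# Do nothing on hosts where the Network Agent service is not installed.
$klnagent_status = (Get-Service klnagent -ErrorAction Ignore).Status
if (-not [string]::IsNullOrEmpty($klnagent_status)) {
    Try {
        [string]$KLMoveTo = ""

        # The agent is a 32-bit component, so on 64-bit Windows its keys live under WOW6432Node.
        if ($env:PROCESSOR_ARCHITECTURE -eq "AMD64") {
            $KLRoot = 'HKLM:\SOFTWARE\WOW6432Node\KasperskyLab'
        } else {
            $KLRoot = 'HKLM:\SOFTWARE\KasperskyLab'
        }
        $KLAgentKey = "$KLRoot\Components\34\1103\1.0.0.0"

        # Missing keys/values yield "" (Get-ItemProperty returns $null, cast to [string]).
        $Target_Protection_AdmServer = [string](Get-ItemProperty $KLRoot -ErrorAction Ignore).Target_Protection_AdmServer
        $Protection_AdmServer        = [string](Get-ItemProperty "$KLAgentKey\Statistics\AVState" -ErrorAction Ignore).Protection_AdmServer
        $Agent_InstallDir            = [string](Get-ItemProperty $KLAgentKey -ErrorAction Ignore).InstallDir

        # Only ever run agent binaries from the directory recorded in HKLM. Without this guard
        # an empty InstallDir turns the path into "\klnagchk.exe", which resolves against the
        # root of the current drive - not a location a SYSTEM task should execute from.
        if ([string]::IsNullOrEmpty($Agent_InstallDir)) {
            Write-Warning "klnagent InstallDir not found in registry; nothing done."
            return
        }
        $KlnagchkExe = Join-Path $Agent_InstallDir 'klnagchk.exe'
        $KlmoverExe  = Join-Path $Agent_InstallDir 'klmover.exe'

        # Case 1: a different target server is configured and reachable -> move there.
        if (-not [string]::IsNullOrEmpty($Target_Protection_AdmServer) -and ($Target_Protection_AdmServer -ne $Protection_AdmServer)) {
            if (Test-NetConnection -ComputerName $Target_Protection_AdmServer -Port $AdmServerPort -WarningAction SilentlyContinue -InformationLevel Quiet) {
                $KLMoveTo = $Target_Protection_AdmServer
            }
        }

        # Case 2: no move is pending, the current server is reachable, but the agent's own
        # connectivity check fails -> re-register with the current server. Evaluated only when
        # case 1 did not already pick a destination, so a pending move is never overridden.
        if ([string]::IsNullOrEmpty($KLMoveTo) -and -not [string]::IsNullOrEmpty($Protection_AdmServer)) {
            if (Test-NetConnection -ComputerName $Protection_AdmServer -Port $AdmServerPort -WarningAction SilentlyContinue -InformationLevel Quiet) {
                # Native command: a non-zero exit code means the check failed.
                & $KlnagchkExe
                if ($LASTEXITCODE -ne 0) {
                    $KLMoveTo = $Protection_AdmServer
                }
            }
        }

        if (-not [string]::IsNullOrEmpty($KLMoveTo)) {
            # Do not stop the service if the move cannot be performed anyway.
            if (-not (Test-Path -LiteralPath $KlmoverExe)) {
                Write-Warning "$KlmoverExe not found; agent not moved."
                return
            }
            Stop-Service klnagent -ErrorAction Ignore
            # The address originates from HKLM (GPO-managed), not from user input.
            Start-Process -FilePath $KlmoverExe -ArgumentList "-address $KLMoveTo -silent" -NoNewWindow -Wait
            Start-Service klnagent -ErrorAction Ignore

            # Second restart after a short delay, kept from the original procedure;
            # presumably lets the agent pick up the new server settings - confirm if needed.
            Start-Sleep -Seconds 5
            Restart-Service klnagent -ErrorAction Ignore
        }
    }
    Catch {
        # Best-effort: the task runs unattended as SYSTEM, so report the failure but never
        # leave the host in a worse state than it was found in.
        Write-Warning "klmover.ps1 failed: $($_.Exception.Message)"
    }
}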

 

Групповые политики:

Копирование файла на клиентские ПК (скрипт выполняется от имени СИСТЕМА на всех ПК целевого OU, поэтому право записи в `\\<NetworkShare>\klmover.ps1` должно быть только у администраторов, сопровождающих скрипт):

<!-- GPP "Files" item: copies klmover.ps1 from the network share into %WindowsDir% on the
     client (action="R": replace on each policy refresh, per GPP semantics).
     NOTE(review): the task below runs this file as SYSTEM with -ExecutionPolicy Bypass, so
     write access to the source file on the share must be limited to the administrators
     who maintain the script - anyone who can modify it gets SYSTEM on every targeted host. -->
<File clsid="{50BE44C8-567A-4ed1-B1D0-9234FE1F38AF}" name="klmover.ps1" status="klmover.ps1" image="1" changed="2024-03-28 07:40:22" uid="{5366A378-8BFF-49E6-86B7-135FA9A3D210}">
    <Properties action="R" fromPath="\\<NetworkShare>\klmover.ps1" targetPath="%WindowsDir%\klmover.ps1" readOnly="0" archive="1" hidden="0" suppress="0"/>
</File>

 

Создание задачи запуска скрипта:

<!-- GPP "Scheduled Tasks (Windows Vista and later)" item that runs klmover.ps1.
     "СИСТЕМА" is the localized (Russian) name of the SYSTEM account: the task runs with
     local SYSTEM privileges at the highest available run level. -->
<TaskV2 clsid="{D8896631-B747-47a7-84A6-C155337F3BC8}" name="klmove" image="0" changed="2024-04-10 13:31:36" uid="{7D0F26FD-8964-4699-8386-B5D262A15B85}" userContext="0" removePolicy="0">
	<Properties action="C" name="klmove" runAs="СИСТЕМА" logonType="Group">
		<Task version="1.2">
			<RegistrationInfo>
				<Author>Erael</Author>
				<Description></Description>
			</RegistrationInfo>
			<Principals>
				<Principal id="Author">
					<RunLevel>HighestAvailable</RunLevel>
					<GroupId>СИСТЕМА</GroupId>
				</Principal>
			</Principals>
			<Settings>
				<IdleSettings>
					<Duration>PT5M</Duration>
					<WaitTimeout>PT1H</WaitTimeout>
					<StopOnIdleEnd>false</StopOnIdleEnd>
					<RestartOnIdle>false</RestartOnIdle>
				</IdleSettings>
				<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
				<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
				<StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>
				<AllowHardTerminate>false</AllowHardTerminate>
				<AllowStartOnDemand>true</AllowStartOnDemand>
				<Enabled>true</Enabled>
				<Hidden>false</Hidden>
				<!-- PT0S together with AllowHardTerminate=false: the script is not cut off by
				     Task Scheduler - it relies on its own -Wait/-ErrorAction handling to finish. -->
				<ExecutionTimeLimit>PT0S</ExecutionTimeLimit>
				<Priority>7</Priority>
				<StartWhenAvailable>true</StartWhenAvailable>
			</Settings>
			<!-- Runs 30 minutes after every boot, plus once at the StartBoundary below
			     (no Repetition element is present, so the time trigger is one-off). -->
			<Triggers>
				<BootTrigger>
					<Enabled>true</Enabled>
					<Delay>PT30M</Delay>
				</BootTrigger>
				<TimeTrigger>
					<StartBoundary>2024-04-10T11:29:19</StartBoundary>
					<Enabled>true</Enabled>
				</TimeTrigger>
			</Triggers>
			<Actions Context="Author">
				<Exec>
					<Command>powershell.exe</Command>
					<!-- -ExecutionPolicy Bypass skips the signature/policy check: the integrity
					     of c:\Windows\klmover.ps1 (admin-only write, delivered by the Files item)
					     is the only thing controlling what runs here as SYSTEM. The path must
					     match the targetPath of the Files item (%WindowsDir%\klmover.ps1). -->
					<Arguments>-NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -File c:\Windows\klmover.ps1</Arguments>
				</Exec>
			</Actions>
		</Task>
	</Properties>
	<!-- Item-level targeting: only computers in the given OU receive the task;
	     replace the placeholder with the real OU distinguished name. -->
	<Filters>
		<FilterOrgUnit bool="AND" not="0" name="OU=...,DC=domain,DC=local" userContext="0" directMember="0"/>
	</Filters>
</TaskV2>

 

Указание целевого сервера администрирования:

<!-- GPP "Registry" collection: writes Target_Protection_AdmServer (REG_SZ) under the
     KasperskyLab key. The script compares this value with the agent's current
     Protection_AdmServer and moves the agent to it, so this HKLM value is the trust
     anchor for where the agent will be pointed. Replace "server.local" with the
     Administration Server address the agents must use.
     Two items, one per architecture, because the script reads WOW6432Node on AMD64
     and the plain SOFTWARE key on x86 (the same split as the script's own lookup). -->
<Collection clsid="{53B533F5-224C-47e3-B01B-CA3B3F3FF4BF}" name="Target_Protection_AdmServer">
	<Registry clsid="{9CD4B2F4-923D-47f5-A062-E897DD1DAD50}" name="Target_Protection_AdmServer" status="Target_Protection_AdmServer" image="6" changed="2024-03-27 16:23:10" uid="{12A67558-0D56-4155-8B36-31FD502D21AB}" bypassErrors="1">
		<Properties action="R" displayDecimal="0" default="0" hive="HKEY_LOCAL_MACHINE" key="SOFTWARE\WOW6432Node\KasperskyLab" name="Target_Protection_AdmServer" type="REG_SZ" value="server.local"/>
		<Filters>
			<FilterVariable bool="AND" not="0" variableName="PROCESSOR_ARCHITECTURE" value="AMD64"/>
		</Filters>
	</Registry>
	<Registry clsid="{9CD4B2F4-923D-47f5-A062-E897DD1DAD50}" name="Target_Protection_AdmServer" status="Target_Protection_AdmServer" image="6" changed="2024-03-27 16:23:36" uid="{BD980A4D-F62F-4D01-9947-585CA3B0EEF5}" bypassErrors="1">
		<Properties action="R" displayDecimal="0" default="0" hive="HKEY_LOCAL_MACHINE" key="SOFTWARE\KasperskyLab" name="Target_Protection_AdmServer" type="REG_SZ" value="server.local"/>
		<Filters>
			<FilterVariable bool="AND" not="0" variableName="PROCESSOR_ARCHITECTURE" value="x86"/>
		</Filters>
	</Registry>
</Collection>

 

 
